US20090165100A1 - Web page safety judgment system - Google Patents
Web page safety judgment system
- Publication number
- US20090165100A1 (application US12/341,793)
- Authority
- US
- United States
- Prior art keywords
- input
- information
- authentication information
- login
- web page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Definitions
- the present invention relates to a web page safety judgment system for judging safety of a web page displayed on a user terminal.
- a system including a service providing web server and a user terminal is known.
- the service providing web server retains set authentication information and a target web page as a web page and publishes the target web page on a network.
- the user terminal displays the target web page on its display unit.
- the target web page includes an authentication information input field, and the user terminal, in order to receive a predetermined service, inputs input authentication information into the authentication information input field and transmits it as transmission authentication information.
- the service providing web server provides a predetermined service to the user terminal.
- Before transmitting the input authentication information inputted into the authentication information input field as the transmission authentication information, the user terminal judges safety based on a blacklist (refer to, for example, Japanese Laid Open Patent Application (JP-P2007-226608A)).
- a harmful URL (Uniform Resource Locator)
- when a target URL identifying a target web page displayed on the display unit agrees with the harmful URL, the user terminal cancels the transmission of the input authentication information inputted into the authentication information input field.
- the target web page displayed on the display unit is a harmful web page but the target URL is not registered as a harmful URL in the blacklist.
- the user terminal does not hit any URL when using the blacklist. That is, the target URL identifying the target web page displayed on the display unit does not agree with any harmful URL. For this reason, the user terminal transmits, to the harmful web page, the input authentication information inputted into the authentication information input field as the transmission authentication information. As described above, the user terminal imprudently transmits the authentication information of a user, and thus safety of the authentication information is not secured.
- a system is desired which can secure higher safety of authentication information compared with a system using a blacklist (or whitelist).
- JP-P2007-226608A discloses a site management system.
- the site management system includes: database means for registering a web site judged as an inappropriate access target; web site access means for accessing the web site registered in the database means via communication circuits; and database update means for deleting the web site as the target of the access from the database means based on the result of the access.
- An exemplary object of the invention is to provide a web page safety judgment system, a web page safety judgment method and a recording medium recording a computer program of the method, which are able to secure higher safety of authentication information compared with a system using a blacklist.
- a web page safety judgment system includes a user terminal that is connected via a network to a service providing web server which publishes a target web page on the network.
- the target web page includes an authentication information input field into which input authentication information is inputted by the user terminal.
- the user terminal includes a first validity judgment process part, a second validity judgment process part, a third validity judgment process part, a safety process part, a display unit that displays the target web page published on the network, and a storage unit that stores a login information list and a service group information list.
- the login information list registers a plurality of login history information respectively including a plurality of authentication information and browsed URLs (Uniform Resource Locators) identifying web pages browsed on the display unit before.
- the service group information list registers service groups each of which includes service URLs respectively identifying web pages for which authentication is performed based on a common authentication information.
- the first validity judgment process unit checks a target URL identifying the target web page displayed on the display unit with the browsed URLs and judges login history information of the plurality of login history information, which includes a browsed URL agreeing with the target URL, is a first validity level.
- the second validity judgment process part selects, from the service groups, first service groups each of which includes a service URL agreeing with one of the browsed URLs.
- the second validity judgment process part checks the target URL with service URLs included in the first service groups and selects, from the first service groups, a second service group including a service URL agreeing with the target URL.
- the second validity judgment process part judges login history information of the plurality of login history information, which includes a browsed URL agreeing with a service URL included in the second service group, is a second validity level.
- the third validity judgment process part judges login history information of the plurality of login history information, which is other than the login history information in the first validity level or the second validity level, is a third validity level.
- the safety process part selects a corresponding process from a plurality of predetermined processes for the input authentication information based on existence or absence of the login history information in the first validity level or in the second validity level and on a result of checking the input authentication information with login information in the login history information in the first to third validity levels.
- the safety process part executes the corresponding process.
- a web page safety judgment method includes: displaying, on a display unit, a target web page published on a network by a service providing web server and including an authentication information input field into which authentication information is inputted; referring to a login information list that registers a plurality of login history information respectively including a plurality of authentication information and browsed URL (Uniform Resource Locator)s identifying web pages browsed on the display unit before; checking a target URL identifying the target web page displayed on the display unit with the browsed URLs; judging login history information of the plurality of login history information, which includes a browsed URL agreeing with the target URL, is a first validity level; referring to a service group information list that registers service groups each of which includes service URLs respectively identifying web pages for which authentication is performed based on a common authentication information; selecting, from the service groups, first service groups each of which includes a service URL agreeing with one of the browsed URLs; checking the target URL with service URLs included in the first service groups; selecting
- a recording medium which records a computer-readable program that when executed causes a computer to perform a web page safety judgment method.
- the web page safety judgment method includes: displaying, on a display unit, a target web page published on a network by a service providing web server and including an authentication information input field into which authentication information is inputted; referring to a login information list that registers a plurality of login history information respectively including a plurality of authentication information and browsed URL (Uniform Resource Locator)s identifying web pages browsed on the display unit before; checking a target URL identifying the target webpage displayed on the display unit with the browsed URLs; judging a login history information of the plurality of login history information, which includes a browsed URL agreeing with the target URL, is a first validity level; referring to a service group information list that registers service groups each of which includes service URLs respectively identifying web pages for which authentication is performed based on a common authentication information; selecting, from the service groups, first service groups each of which includes a
- the user terminal judges the above mentioned first to third validity levels by referring to the login information list and the service group information list, and generates a check result by checking the input authentication information with the authentication information of the login history information in the first to third validity levels. Then, the user terminal selects a corresponding process from a plurality of predetermined processes for the input authentication information based on existence or absence of the login history information in the first validity level or in the second validity level and on the above result of checking, and executes the selected process.
- the input authentication information inputted into the authentication information input field is transmitted as the transmission authentication information in the corresponding process.
- FIG. 1 shows a configuration of a web page safety judgment system according to first to third exemplary embodiments of the present invention
- FIG. 2 shows a computer program 20 installed in a user terminal 1 of the web page safety judgment system according to the first exemplary embodiment of the present invention
- FIG. 3 shows a target web page 70
- FIG. 4 shows a login information list 40 corresponding to user terminal 1 “U001”;
- FIG. 5 shows a service group information list 50
- FIG. 6 is a flowchart illustrating an operation of the web page safety judgment system of the present invention.
- FIG. 7 is a flowchart illustrating safety judgment process (step S 7 ) in FIG. 6 ;
- FIG. 8 shows a computer program 20 installed in the user terminal 1 of the web page safety judgment system according to the second exemplary embodiment of the present invention
- FIG. 9 shows a computer program 20 installed in the user terminal 1 of the web page safety judgment system according to the third exemplary embodiment of the present invention.
- FIG. 10 shows the login information list 40 corresponding to the user terminal 1 “U001” for explaining case A as a specific example of the operation of the web page safety judgment system according to first to third exemplary embodiments of the present invention
- FIG. 11 shows the login information list 40 corresponding to the user terminal 1 “U001” for explaining case B as a specific example of the operation of the web page safety judgment system according to first to third exemplary embodiments of the present invention.
- FIG. 12 shows the login information list 40 corresponding to the user terminal 1 “U001” for explaining case C as a specific example of the operation of the web page safety judgment system according to first to third exemplary embodiments of the present invention.
- FIG. 1 shows a configuration of a web page safety judgment system according to a first exemplary embodiment of the present invention.
- the web page safety judgment system according to the first exemplary embodiment of the present invention includes a plurality of user terminals 1 (only one of the terminals 1 is shown in the figure), a login information server 4 , a service group information server 5 , a blacklist server 3 , and a service providing web server 6 .
- the plurality of the user terminals 1 , the login information server 4 , the service group information server 5 , the blacklist server 3 , and the service providing web server 6 are connected to a network 2 , respectively.
- the login information server 4 , the service group information server 5 , and the blacklist server 3 may be realized not only by separated servers but also by one server.
- Each of the user terminals 1 is a computer, a television having a network connecting function, a portable terminal such as a portable phone, or the like.
- Each user terminal 1 includes a control unit 10 , an input unit 11 , a display unit 12 , a storage unit 13 , and a communication unit (not shown in the figure) for transmitting and receiving data and information to and from an outside.
- a CPU (Central Processing Unit)
- a keyboard or a pointing device such as a mouse is exemplified as the input unit 11 .
- the storage unit 13 stores a computer program 20 as software to be executed by the control unit 10 .
- the computer program 20 may be recorded in a recording medium (not shown).
- each user terminal 1 retains user identification information for identifying itself.
- the user identification information is composed, for example, of a unique alphanumeric string indicating a user ID (identification), hardware of the user terminal 1 , software of the user terminal 1 , or so on.
- one of the user terminals 1 stores “U001” as the user identification information in the storage unit 13 .
- the computer program 20 includes a list process part 21 , a browser process part 22 , a judgment process part 23 , a safety process part 24 , a history registration process part 25 , and an input process part 26 .
- the list process part 21 includes a blacklist acquisition process part 21 - 0 , a login information list acquisition process part 21 - 1 , a login information list updating process part 21 - 2 , and a service group information list acquisition process part 21 - 3 .
- the judgment process part 23 includes a blacklist judgment process part 23 - 0 , a first validity judgment process part 23 - 1 , a second validity judgment process part 23 - 2 , and a third validity judgment process part 23 - 3 .
- the service providing web server 6 is a computer and includes a storage unit 61 , a publish unit 62 , and a providing unit 63 .
- a target web page 70 as a web page and set authentication information 80 are registered in the storage unit 61 .
- the set authentication information 80 is authentication information registered in advance by the user terminal 1 “U001” of the user terminals 1 .
- the set authentication information 80 differs for every service providing web server 6 .
- the target web page 70 includes an authentication information input field 71 into which input authentication information 81 is inputted by the user terminal 1 and a transmission button 72 . When the transmission button 72 is pressed by a user, the input authentication information 81 is transmitted as transmission authentication information.
- Each of the set authentication information 80 and the input authentication information 81 includes a user ID and a password.
- the publish unit 62 publishes the target web page 70 registered in the storage unit 61 on the network 2 .
- the publishing includes a process in which the publish unit 62 transmits the target web page 70 to the user terminal 1 based on a request from the user terminal 1 .
- the providing unit 63 provides a predetermined service to the user terminal 1 .
- the predetermined service for example, is a provision of contents such as a shopping system for members, a dynamic image file, a music file, and a bulletin board.
- a portion (storage region) of the storage unit 61 in which the set authentication information 80 is registered, and a portion (check function) of the providing unit 63 , which checks the transmission authentication information with the set authentication information 80 are configured in a server; and a portion (publish function) of the publish unit 62 , which publishes the target web page 70 on the network 2 is configured in another server.
- the blacklist server 3 is a computer and includes a blacklist storage unit (hereinafter referred to as a storage unit) 31 , a blacklist transmitter unit (hereinafter referred to as a transmitter unit) 32 , and a blacklist updating unit (hereinafter referred to as an updating unit) 33 .
- the storage unit 31 stores a blacklist 30 .
- harmful URLs (Uniform Resource Locators)
- the transmitter unit 32 transmits a copy of the blacklist 30 stored in the storage unit 31 to the user terminal 1 based on a blacklist acquisition request from the user terminal 1 .
- the updating unit 33 updates the blacklist 30 stored in the storage unit 31 to provide a latest blacklist.
- the login information server 4 is a computer and includes a login information list storage unit (hereinafter referred to as a storage unit) 41 , a login information list transmitter unit (hereinafter referred to as a transmitter unit) 42 , and a login information list updating unit (hereinafter referred to as an updating unit) 43 .
- a plurality of login information lists 40 (only one of the lists 40 is shown in the figure) respectively corresponding to the plurality of user terminals 1 is stored.
- Each of the plurality of user terminals 1 retains the user identification information identifying itself. As described above, one user terminal 1 of the user terminals 1 retains “U001” as the user identification information.
- the login information lists 40 include a login information list corresponding to the user terminal 1 “U001”, in which login history information is registered as shown in FIG. 4 .
- the login history information includes the user identification information “U001”.
- the login history information includes a login information number for identifying itself, the authentication information, a browsed URL identifying the target web page 70 which was displayed on the display unit 12 when the input authentication information 81 was inputted before.
- a user of the user terminal 1 “U001” may create the login history information by using the input unit 11 , and may register the created information to the login information list 40 “U001”.
- the login information list 40 “U001” will be described in detail below.
- the transmitter unit 42 receives a login information list request from the user terminal 1 .
- the login information list request includes the user identification information “U001”.
- the transmitter unit 42 selects, from the login information lists 40 stored in the storage unit 41 , the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list request and transmits the selected list as the login information list 40 for the user terminal 1 to the user terminal 1 .
- the updating unit 43 receives a login information list updating request from the user terminal 1 .
- the login information list updating request includes the login history information and the user identification information “U001”.
- the updating unit 43 selects, from the login information lists 40 stored in the storage unit 41 , the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list updating request and registers the login history information included in the login information list updating request to the selected login information list 40 “U001”. In this way, the login information list 40 “U001” is updated.
- the service group information server 5 includes a service group information list storage unit (hereinafter referred to as a storage unit) 51 , a service group information list transmitter unit (hereinafter referred to as a transmitter unit) 52 , and a service group information list updating unit (hereinafter referred to as an updating unit) 53 .
- the service group information list 50 is stored in the storage unit 51 .
- service groups are registered in the service group information list 50 .
- Each of the service groups includes service URLs respectively identifying web pages which allow an authentication by using common authentication information.
- the service group information list 50 will be described in detail below.
- the transmitter unit 52 transmits a copy of the service group information list 50 stored in the storage unit 51 to the user terminal 1 based on a service group information list acquisition request from the user terminal 1 .
- the updating unit 53 updates the service group information list 50 stored in the storage unit 51 to provide a latest service group information list.
- FIGS. 6 and 7 are flowcharts showing an operation of the web page safety judgment system according to the first exemplary embodiment of the present invention.
- step S 1 startup process
- the blacklist acquisition process part 21 - 0 of the user terminal 1 in order to acquire the blacklist 30 , transmits a blacklist acquisition request to the blacklist server 3 .
- the transmitter unit 32 of the blacklist server 3 transmits a copy of the blacklist 30 stored in the storage unit 31 to the user terminal 1 based on the blacklist acquisition request.
- the blacklist acquisition process part 21 - 0 stores the blacklist 30 from the blacklist server 3 in the storage unit 13 (step S 2 ; blacklist acquisition process).
- the login information list acquisition process part 21 - 1 of the user terminal 1 in order to acquire the login information list 40 , transmits a login information list acquisition request including the user identification information “U001” to the login information server 4 .
- the transmitter unit 42 of the login information server 4 selects, from the login information lists 40 stored in the storage unit 41 , the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list acquisition request and transmits the selected list as the login information list 40 for the user terminal 1 to the user terminal 1 .
- the login information list acquisition process part 21 - 1 stores the login information list 40 from the login information server 4 in the storage unit 13 (step S 3 ; login information list acquisition process).
- In step S 3 , there is a case in which no login history information exists in the login information list 40 corresponding to the user identification information “U001”. This case is explained below.
- the login information server 4 transmits a login information request error to the user terminal 1 .
- the login information request error indicates that no login history information exists in the login information list 40 “U001”.
- steps S 4 to S 6 are executed, step S 7 is skipped, and steps S 8 and S 10 are executed. Steps S 4 to S 8 and S 10 will be described later.
- the history registration process part 25 displays a new access registration indicator on the display unit 12 at step S 8 .
- the new access registration indicator includes a notification of registering the above mentioned authentication information to the login information list “U001”, a “Yes” button to register the information, and a “No” button not to register the information.
- login history information is generated which includes the above mentioned authentication information and a browsed URL as the target URL.
- the history registration process part 25 registers the login history information to the login information list 40 “U001”.
- a user of the user terminal 1 issues an instruction to display, on the display unit 12 , an arbitrary web page among web pages published on the network 2 by using the input unit 11 .
- the arbitrary webpage is the above mentioned target web page 70 here.
- the browser process part 22 displays, on the display unit 12 of the user terminal 1 , the target web page 70 published on the network 2 based on the instruction (step S 5 ; web page display process).
- the above described steps S 2 to S 4 may be executed after step S 5 .
- the above described steps S 2 to S 4 are executed every time the target web page 70 is displayed on the display unit 12 of the user terminal 1 .
- the user of the user terminal 1 inputs, for the purpose of receiving a predetermined service, the input authentication information 81 as authentication information into the authentication information input field 71 of the target web page 70 displayed on the display unit 12 by using the input unit 11 (step S 6 ; authentication information input process).
- In step S 6 , when the user presses the transmission button 72 in the target web page 70 displayed on the display unit 12 , the input authentication information 81 inputted into the authentication information input field 71 is not transmitted immediately but is transmitted after execution of the safety judgment process described below.
- the input process part 26 retains the input authentication information 81 inputted into the authentication information input field 71 and waits for a transmission execution instruction or a transmission execution canceling instruction from the safety process part 24 .
- the input process part 26 executes the retaining and the waiting when detecting the pressing of the transmission button 72 .
- the process part 26 may execute the retaining and the waiting when detecting a HTTP (Hyper Text Transfer Protocol) request message for transmitting the input authentication information 81 to the service providing web server 6 .
- a method is employed in which the input process part 26 executes the retaining and the waiting based on “detection of the pressing of the transmission button”.
- a method is employed in which the input process part 26 executes the retaining and the waiting based on “detection of the HTTP request message”.
- the HTTP request message is monitored, the message is analyzed to be a message for transmitting authentication information or not, and the input authentication information is detected.
- the user terminal 1 performs the safety judgment process (step S 7 ).
- the blacklist judgment process part 23 - 0 of the user terminal 1 refers to the blacklist 30 to judge whether or not a target URL of the target webpage 70 displayed on the display unit 12 agrees with the harmful URL (step S 20 ).
- When the target URL of the target web page 70 displayed on the display unit 12 agrees with the harmful URL (YES at step S 20 ), the safety process part 24 of the user terminal 1 executes a sixth safety level process (step S 21 ).
- steps S 20 and S 21 are not necessarily executed in this order.
- Step S 20 may be executed immediately after the web page display process (step S 5 ) and the sixth safety level process (step S 21 ) may be executed when the authentication information input process (step S 6 ) is executed.
- the safety process part 24 outputs the transmission execution canceling instruction to cancel the transmission of the transmission authentication information.
- the input process part 26 discards the input authentication information 81 retained by the input process part 26 based on the transmission execution canceling instruction.
- the safety process part 24 displays, on the display unit 12 , a cancellation notice showing that the target URL of the target web page 70 agrees with the harmful URL.
- the first validity judgment process part 23 - 1 , the second validity judgment process part 23 - 2 , and the third validity judgment process part 23 - 3 of the user terminal 1 judge first to third validity levels described below with respect to the login history information registered in the login information list 40 , respectively (step S 30 ).
- the safety process part 24 judges whether or not the input authentication information 81 agrees with the authentication information of the login history information registered in the login information list 40 .
- In step S 30 , the first validity judgment process part 23 - 1 of the user terminal 1 refers to the login information list 40 to check the browsed URL registered in the login information list 40 with the target URL identifying the target web page 70 displayed on the display unit 12 . Then, the first validity judgment process part 23 - 1 judges that the login history information registered in the login information list 40 and including the browsed URL which agrees with the target URL is the first validity level.
- the second validity judgment process part 23 - 2 of the user terminal 1 refers to the login information list 40 and the service group information list 50 to select, from the service groups registered in the service group information list 50 , first service groups.
- Each of the first service groups includes a service URL which agrees with the browsed URL registered in the login information list 40 .
- the second validity judgment process part 23 - 2 checks service URLs of each first service group with the target URL to select a second service group from the first service groups.
- the second service group includes a service URL which agrees with the target URL.
- the second validity judgment process part 23 - 2 judges that the login history information registered in the login information list 40 and including the browsed URL which agrees with the service URL of the second service group is the second validity level.
- In step S 30 , the third validity judgment process part 23 - 3 of the user terminal 1 refers to the login information list 40 and the service group information list 50 to judge that the login history information other than the login history information of the first or second validity level and registered in the login information list 40 is the third validity level.
- the judgments of the first and second validity levels are performed based on a validity judgment rule in which one URL is judged to agree with another URL when the one entirely agrees with the other, when the one agrees with the other in other than a query portion, when the one agrees with the other in a host FQDN (Fully Qualified Domain Name) level, or when the one agrees with the other in a domain level.
- the safety process part 24 of the user terminal 1 checks the input authentication information 81 retained by the input process part 26 with the authentication information of the login history information in the first to third validity levels, and generates a check result. According to this, the safety process part 24 selects a corresponding process from a plurality of predetermined processes for the input authentication information 81 based on existence or absence of the login history information in the first or second validity level and on the above mentioned check result, and executes the selected process.
- the input authentication information 81 is transmitted as the transmission authentication information.
- the transmission of the transmission authentication information is canceled.
- the input authentication information 81 retained by the input process part 26 agrees with the authentication information of the login history information in the first validity level (YES at step S 30 and YES at step S 31 ).
- This case means that the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- the safety process part 24 of the user terminal 1 executes a first safety level process as the corresponding process (step S 32 ).
- the safety process part 24 outputs the transmission execution instruction.
- the input process part 26 transmits the input authentication information 81 retained by the input process part 26 as the transmission authentication information based on the transmission execution instruction.
- the input authentication information 81 retained by the input process part 26 agrees with the authentication information of the login history information in the second validity level (YES at step S 30 and YES at step S 31 ).
- the safety process part 24 of the user terminal 1 executes the first safety level process as the corresponding process (step S 32 ).
- the input authentication information 81 retained by the input process part 26 does not agree with the authentication information of the login history information (YES at step S 30 and YES at step S 31 ). This means that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is changed with respect to the authentication information of the login history information in the first or second validity level.
- the safety process part 24 of the user terminal 1 executes second safety level process as the above corresponding process (step S 34 ).
- the safety process part 24 outputs the transmission execution instruction.
- the input process part 26 transmits the input authentication information 81 retained by the input process part 26 as the transmission authentication information based on the transmission execution instruction.
- the safety process part 24 displays a change confirmation notice on the display unit 12 .
- the change confirmation notice indicates that, since the target web page 70 or the web page of the service related to the target webpage 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is changed with respect to the authentication information of the login history information in the first or second validity level.
- the input authentication information 81 retained by the input process part 26 does not agree with the authentication information of the login history information in the first or second validity level but the input authentication information 81 agrees with the authentication information of the login history information in the third validity level (YES at step S 30 , NO at step S 31 , and YES at step S 33 ).
- the safety process part 24 of the user terminal 1 executes a third safety level process as the above corresponding process (step S 35 ).
- the safety process part 24 displays an incorrect input selection indicator on the display unit 12 .
- This incorrect input selection indicator includes an incorrect input selection field in which the user of the user terminal 1 selects, by using the input unit 11 , whether or not the input authentication information 81 inputted into the authentication information input field 71 is transmitted.
- the safety process part 24 displays an incorrect input notice on the display unit 12 .
- the incorrect input notice indicates that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is an incorrect input.
- When the transmission of the input authentication information 81 is selected in the incorrect input selection field, the safety process part 24 outputs the transmission execution instruction. In this case, the input process part 26 transmits the input authentication information 81 retained by the input process part 26 as the transmission authentication information based on the transmission execution instruction.
- the safety process part 24 cancels transmission of the transmission authentication information, and outputs the transmission execution canceling instruction.
- the input process part 26 discards the input authentication information 81 retained by the input process part 26 based on the transmission execution canceling instruction.
- the input authentication information 81 retained by the input process part 26 does not agree with the authentication information of the login history information in the third validity level (NO at step S 30 and NO at step S 36 ).
- the safety process part 24 of the user terminal 1 executes a fourth safety level process as the above described corresponding process (step S 37 ).
- the safety process part 24 displays a new input selection indicator on the display unit 12 .
- the new input selection indicator includes a new input selection field in which the user of the user terminal 1 selects, by using the input unit 11 , whether or not the input authentication information 81 inputted into the authentication information input field 71 is transmitted.
- the safety process part 24 displays a new input notice on the display unit 12 .
- the new input notice indicates that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is new authentication information.
- the safety process part 24 outputs the transmission execution instruction.
- the input process part 26 transmits the input authentication information 81 retained by the input process part 26 as the transmission authentication information based on the transmission execution instruction.
- the safety process part 24 cancels the transmission of the transmission authentication information, and outputs the transmission execution canceling instruction.
- the input process part 26 discards the input authentication information 81 retained by the input process part 26 based on the transmission execution canceling instruction.
- the input authentication information 81 retained in the input process part 26 agrees with the authentication information of the login history information in the third validity level (NO at step S 30 and YES at step S 36 ).
- the safety process part 24 of the user terminal 1 executes a fifth safety level process as the above corresponding process (step S 38 ).
- the safety process part 24 cancels the transmission of the transmission authentication information, and outputs the transmission execution canceling instruction.
- the input process part 26 discards the input authentication information 81 retained by the input process part 26 based on the transmission execution canceling instruction.
- the safety process part 24 displays a cancellation notice on the display unit 12 .
- the cancellation notice indicates that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is already known but does not correspond to the target URL.
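The decision flow of steps S 30 to S 38 described above, written out as an added example (it is not code from the patent). The function names, the dictionary layout, the action strings and the sample URLs and credentials are all constructed for illustration, and "domain level" agreement is approximated by comparing the last two host labels.

```python
import hmac
from urllib.parse import urlsplit

MODES = ("exact", "no_query", "fqdn", "domain")

def urls_agree(a, b, mode="fqdn"):
    """Validity judgment rule: the four agreement granularities named in the text."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    ua, ub = urlsplit(a), urlsplit(b)
    if mode == "exact":
        return a == b
    if mode == "no_query":
        return (ua.scheme, ua.netloc, ua.path) == (ub.scheme, ub.netloc, ub.path)
    ha, hb = (ua.hostname or "").lower(), (ub.hostname or "").lower()
    if not ha or not hb:
        return False
    if mode == "fqdn":
        return ha == hb
    # Assumption: "domain level" = last two labels. A real implementation
    # needs a public suffix list to find the registrable domain.
    return ha.split(".")[-2:] == hb.split(".")[-2:]

def classify_history(history, service_groups, target_url, mode="fqdn"):
    """Sort login history entries into validity levels 1, 2 and 3."""
    levels = {1: [], 2: [], 3: []}
    # Service groups that contain a service URL agreeing with the target URL.
    related = [g for g in service_groups
               if any(urls_agree(s, target_url, mode) for s in g)]
    for entry in history:
        urls = entry["browsed_urls"]
        if any(urls_agree(u, target_url, mode) for u in urls):
            levels[1].append(entry)      # credential was used on this page
        elif any(urls_agree(u, s, mode) for g in related for s in g for u in urls):
            levels[2].append(entry)      # used on a service in the same group
        else:
            levels[3].append(entry)      # used somewhere unrelated
    return levels

def _same(a, b):
    # Constant-time comparison of the credential strings.
    return hmac.compare_digest(a.encode(), b.encode())

def select_safety_process(history, service_groups, target_url, input_auth, mode="fqdn"):
    """Return (safety level process number, action) for the entered credential."""
    levels = classify_history(history, service_groups, target_url, mode)
    trusted = levels[1] + levels[2]
    known_here = any(_same(e["auth"], input_auth) for e in trusted)
    known_elsewhere = any(_same(e["auth"], input_auth) for e in levels[3])
    if trusted:                                       # YES at S30
        if known_here:                                # YES at S31
            return (1, "transmit")                    # S32
        if known_elsewhere:                           # YES at S33
            return (3, "ask_user")                    # S35, incorrect input notice
        return (2, "transmit_with_change_notice")     # S34
    if known_elsewhere:                               # NO at S30, YES at S36
        return (5, "cancel")                          # S38, cancellation notice
    return (4, "ask_user")                            # S37, new input notice

# Constructed sample data (reserved .example / .test names, made-up credentials).
HISTORY = [
    {"auth": "alice:pw-bank",
     "browsed_urls": ["https://login.bank.example/signin?next=/home"]},
    {"auth": "alice:pw-mail",
     "browsed_urls": ["https://mail.example.org/login"]},
]
GROUPS = [
    ["https://login.bank.example/", "https://cards.bank-partner.example/"],
]

if __name__ == "__main__":
    for url, auth in [
        ("https://login.bank.example/signin?next=/x", "alice:pw-bank"),
        ("https://cards.bank-partner.example/auth", "alice:pw-bank"),
        ("https://login.bank.example.evil.test/signin", "alice:pw-bank"),
        ("https://newsite.test/login", "alice:fresh"),
    ]:
        print(url, "->", select_safety_process(HISTORY, GROUPS, url, auth))
```

A known credential entered on a look-alike host that matches no history entry and no service group reaches the fifth safety level process and is not sent.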
- When the transmission authentication information is transmitted as a result of execution of the above safety judgment process (step S 7 ), the history registration process part 25 of the user terminal 1 generates (or updates) the login history information including authentication information corresponding to the transmission authentication information and browsed URL corresponding to the target URL. The history registration process part 25 registers this login history information to the login information list 40 (step S 8 ; registration process).
- When generating the login history information, the history registration process part 25 , at the timing when a web page next to the target web page 70 is displayed on the display unit 12 , displays an indicator for confirming whether or not the target URL of the target web page 70 is to be added. In the case of the addition, the history registration process part 25 generates login history information for the target URL and registers the information to the login information list 40 .
- When the login history information in the first validity level exists (YES at step S 30 ), the input authentication information 81 retained by the input process part 26 agrees with the authentication information of the login history information in the first validity level (YES at step S 31 ), and the first safety level process is executed (step S 32 ), the same URL, as the browsed URL of the login history information in the first validity level, has been already registered to the login information list 40 . For this reason, the history registration process part 25 is not required to execute step S 8 .
- the history registration process part 25 updates the login history information at step S 8 .
- the history registration process part 25 adds the target URL to the browsed URLs of the login history information in the first validity level and registers it to the login information list 40 .
- When the second safety level process (step S 34 ) is executed, the history registration process part 25 generates the login history information at step S 8 . In this case, the history registration process part 25 deletes the login history information (the authentication information and the browsed URL) in the above mentioned validity level, and registers, to the login information list 40 , new login history information including the authentication information corresponding to the transmission authentication information (the input authentication information 81 ) and browsed URL corresponding to the target URL.
- When the third safety level process (step S 35 ) is executed, the history registration process part 25 generates the login history information at step S 8 . In this case, the history registration process part 25 registers, to the login information list 40 , new login history information including authentication information corresponding to the transmission authentication information (the input authentication information 81 ) and browsed URL corresponding to the target URL.
- When the fourth safety level process (step S 37 ) is executed, the history registration process part 25 generates the login history information at step S 8 . In this case, the history registration process part 25 registers, to the login information list 40 , new login history information including authentication information corresponding to the transmission authentication information (the input authentication information 81 ) and browsed URL corresponding to the target URL.
- When a next web page is displayed after the display of the target webpage 70 (YES at step S 9 ), the above processes after step S 5 are executed.
- the login information list updating process part 21 - 2 of the user terminal 1 , in order to cause the login information server 4 to update the login history information registered in the login information list 40 , transmits a login information list updating request including the login history information generated by the history registration process part 25 and the user identification information “U001” to the login information server 4 .
- the updating unit 43 of the login information server 4 selects, from the login information lists 40 stored in the storage unit 41 , the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list updating request and registers the login history information included in the login information list updating request to the selected login information list 40 “U001”. In this way, the login information list 40 “U001” is updated (step S 10 ).
- the process at step S 10 is not necessarily executed at the time of ending the execution of the computer program 20 , and may be executed every time the above safety judgment process (step S 7 ) and the registration process (step S 8 ) are executed.
- the user terminal 1 can secure, by executing the above described safety judgment process (step S 7 ), a higher safety of the authentication information compared with the judgment using the blacklist 30 , in which no hit may occur.
- the web page safety judgment system executes judgments with respect to the above described first to third validity levels by referring to the login information list 40 and the service group information list 50 , and generates a check result by checking the input authentication information 81 with the authentication information of the login history information in the first to third validity levels.
- the web page safety judgment system selects a corresponding process from a plurality of predetermined processes for the input authentication information 81 based on existence or absence of the login history information in the first or second validity level and on the above mentioned check result, and executes the selected process.
- the input authentication information 81 is transmitted as the transmission authentication information in the corresponding process.
- the transmission of the transmission authentication information is canceled in the corresponding process.
- a higher safety of the authentication information can be secured compared with the judgment using the blacklist 30 , in which no hit may occur.
- a higher safety of the authentication information can be secured compared with the judgment using a whitelist, since it is difficult to judge whether a third party providing the whitelist is truly trustworthy and there is a limitation in checking an innumerable number of web pages.
- the user terminal 1 executes the judgment based on the blacklist 30 , after that, executes judgments with respect to the above described first to third validity levels, and checks the input authentication information 81 with the authentication information of the login history information in the first to third validity levels. Accordingly, the safety of the authentication information can be doubly secured.
- the change confirmation notice, the incorrect input notice, the new input notice, the cancellation notice, and the like are displayed on the display unit 12 depending on a type of the safety level process. For this reason, a user can know which safety level process was executed.
- the above described predetermined processes are not limited to the six types of the safety level process (the first to sixth safety level process) but may be other processes.
- a user of the user terminal 1 may forget the authentication information corresponding to the target web page 70 .
- the user can use an automatic input function in the authentication information input process (step S 6 ).
- the computer program 20 of the user terminal 1 includes, instead of the input process part 26 , an automatic input process part 27 having an automatic input function.
- the automatic input process part 27 detects the authentication information input field 71 in the target web page 70 displayed on the display unit 12 . This automatic input process part 27 retains candidate authentication information as the input authentication information 81 .
- the candidate authentication information is registered in the storage unit 13 in advance.
- the candidate authentication information may be the authentication information of the login history information registered to the login information list 40 .
- the candidate authentication information may be the input authentication information which was registered in the storage unit 13 at that time.
- the candidate authentication information may be the authentication information registered in the storage unit 13 at that time.
- This candidate authentication information is registered with at least one identifier for identifying the authentication information input field 71 of the target web page 70 .
- the identifier is the target web page 70 , a URL to which the transmission authentication information is transmitted, or a screen image.
- the automatic input process part 27 reads the candidate authentication information from the storage unit 13 based on the target web page 70 or the screen image displayed on the display unit 12 , a transmission URL described by data of the target web page 70 , selection by the input unit 11 , or the like, and retains the candidate authentication information as the input authentication information 81 .
- an automatic input method may be realized by a method different from the process executed by the automatic input process part 27 .
- the automatic input process part 27 waits for an input execution instruction or an input execution canceling instruction from the safety process part 24 .
- When judging it is safe to input the input authentication information 81 in the target web page 70 , the safety process part 24 outputs the input execution instruction in place of the above mentioned transmission execution instruction. On the other hand, when judging it is risky to input the input authentication information 81 in the target web page 70 , the safety process part 24 outputs the input execution canceling instruction in place of the transmission execution canceling instruction.
- the first to third validity judgment process parts 23 - 1 to 23 - 3 judge the first to third validity levels with respect to the login history information registered in the login information list 40 , respectively, and the safety process part 24 generates a check result by checking the input authentication information 81 retained by the automatic input process part 27 with the authentication information of the login history information in the first to third validity levels.
- the safety process part 24 selects a corresponding process from a plurality of predetermined processes for the input authentication information 81 based on existence or absence of the login history information in the first or second validity level and on the above mentioned check result, and executes the selected process.
- the input authentication information 81 retained by the automatic input process part 27 agrees with the authentication information of the login history information in the first validity level (YES at step S 30 and YES at step S 31 ). This means that the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- the input authentication information 81 retained by the automatic input process part 27 agrees with the authentication information of the login history information in the second validity level (YES at step S 30 and YES at step S 31 ). This means that a web page of a service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- the safety process part 24 outputs the input execution instruction in the first safety level process (step S 32 ).
- the automatic input process part 27 inputs the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution instruction.
- the input authentication information 81 retained by the automatic input process part 27 does not agree with all the authentication information of the login history information (YES at step S 30 , NO at step S 31 , and NO at step S 33 ). This means that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is changed with respect to the authentication information of the login history information in the first or second validity level.
- the safety process part 24 outputs the input execution instruction in the second safety level process (step S 34 ).
- the automatic input process part 27 inputs the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution instruction. At that time, the safety process part 24 displays the above mentioned change confirmation notice on the display unit 12 .
- the input authentication information 81 retained in the automatic input process part 27 does not agree with the authentication information of the login history information in the first or second validity level but the input authentication information 81 agrees with the authentication information of the login history information in the third validity level (YES at step S 30 , NO at step S 31 , and YES at step S 33 ).
- the safety process part 24 displays an input yes-or-no selection indicator on the display unit 12 in the third safety level process (step S 35 ).
- This input yes-or-no selection indicator includes an input yes-or-no selection field in which the user of the user terminal 1 selects, by using the input unit 11 , whether or not the input authentication information is inputted into the authentication information input field 71 .
- the safety process part 24 displays the above mentioned incorrect input notice on the display unit 12 .
- When the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution instruction.
- the automatic input process part 27 inputs the input authentication information 81 having been retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution instruction.
- When cancellation of the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution canceling instruction.
- the automatic input process part 27 cancels the input of the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution canceling instruction.
- the input authentication information 81 retained by the automatic input process part 27 does not agree with the authentication information of the login history information in the third validity level (NO at step S 30 and NO at step S 36 ). This means that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is new authentication information.
- the safety process part 24 displays, on the display unit 12 , the above mentioned input yes-or-no selection indicator including the input yes-or-no field instead of the above mentioned new input selection indicator including the new input selection field in the fourth safety level process (step S 37 ).
- the safety process part 24 displays the above mentioned new input notice on the display unit 12 .
- When the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution instruction.
- the automatic input process part 27 inputs the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution instruction.
- When cancellation of the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution canceling instruction.
- the automatic input process part 27 cancels the input of the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution canceling instruction.
- the input authentication information 81 retained in the automatic input process part 27 agrees with the authentication information of the login history information in the third validity level (NO at step S 30 and YES at step S 36 ).
- the safety process part 24 outputs the input execution canceling instruction in the fifth safety level process (step S 38 ).
- the automatic input process part 27 cancels the input of the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution canceling instruction.
- the user of the user terminal 1 may forget the authentication information corresponding to the target web page 70 .
- the user can use an input function for allowing the user to select the authentication information in the authentication information input process (step S 6 ).
- the computer program 20 of the user terminal 1 includes, instead of the input process part 26 and the automatic input process part 27 , a user input process part 28 having an input function.
- the user input process part 28 detects the authentication information input field 71 of the target web page 70 displayed on the display unit 12 .
- the user input process part 28 displays a provisional input indicator on the display unit 12 .
- This provisional input indicator includes an authentication information input field into which the user of the user terminal 1 can input the authentication information by using the input unit 11 .
- This authentication information input field is other than the authentication information input field 71 .
- the authentication information input field of the provisional input indicator is referred to as other authentication information input field.
- the user input process part 28 retains the authentication information inputted by the user of the user terminal 1 into the other authentication information input field, and waits for the input execution instruction or the input execution canceling instruction from the safety process part 24 .
- the first to third validity judgment process parts 23 - 1 to 23 - 3 judge the first to third validity levels with respect to the login history information registered by the login information list 40 , respectively, and the safety process part 24 generates a check result by checking the input authentication information 81 retained in the user input process part 28 with the authentication information of the login history information in the first to third validity levels.
- the safety process part 24 selects a corresponding process from a plurality of predetermined processes for the input authentication information 81 based on existence or absence of the login history information in the first or second validity level and on the above mentioned check result, and executes the selected process.
- the input authentication information 81 retained by the user input process part 28 agrees with the authentication information of the login history information in the first validity level (YES at step S 30 and YES at step S 31 ). This means that the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- the input authentication information 81 retained by the user input process part 28 agrees with the authentication information of the login history information in the second validity level (YES at step S 30 and YES at step S 31 ). This means that a web page of a service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- the safety process part 24 outputs the input execution instruction in the first safety level process (step S 32 ).
- the user input process part 28 inputs the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution instruction.
- the input authentication information 81 retained in the user input process part 28 does not agree with the authentication information of the login history information in the first or second validity level but the input authentication information 81 agrees with the authentication information of the login history information in the third validity level (YES at step S 30 , NO at step S 31 , and YES at step S 33 ).
- the safety process part 24 displays an input yes-or-no selection indicator on the display unit 12 in the third safety level process (step S 35 ).
- This input yes-or-no selection indicator includes an input yes-or-no selection field in which the user of the user terminal 1 selects, by using the input unit 11 , whether or not the input authentication information is inputted into the authentication information input field 71 .
- When the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution instruction.
- the user input process part 28 inputs the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution instruction.
- When cancellation of the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution canceling instruction.
- the user input process part 28 cancels the input of the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution canceling instruction.
- the input authentication information 81 retained by the user input process part 28 does not agree with the authentication information of the login history information in the third validity level (NO at step S 30 and NO at step S 36 ). This means that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is new authentication information.
- the safety process part 24 displays, on the display unit 12 , the above mentioned input yes-or-no selection indicator including the input yes-or-no field instead of the above mentioned new input selection indicator including the new input selection field in the fourth safety level process (step S 37 ).
- the safety process part 24 displays the above mentioned new input notice on the display unit 12 .
- When the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution instruction.
- the user input process part 28 inputs the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution instruction.
- When cancellation of the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution canceling instruction.
- the user input process part 28 cancels the input of the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution canceling instruction.
- the input authentication information 81 retained by the user input process part 28 agrees with the authentication information of the login history information in the third validity level (NO at step S 30 and YES at step S 36 ).
- the safety process part 24 outputs the input execution canceling instruction in the fifth safety level process (step S 38 ).
- the user input process part 28 cancels the input of the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution canceling instruction.
- The first to fifth safety level processes (steps S 32 , S 34 , S 35 , S 37 , and S 38 ) in the above described safety judgment process (step S 7 ) will be specifically explained.
- login history information “Z”, “P”, “Q”, and “R” are registered in the login information list 40 .
- the login history information “Z” includes user identification information “U001”, an ID “admin” and a password “adminpass” as authentication information (ID-LI) and browsed URLs “http://AAA.com/index.html” and “http://BBB.com”.
- the login history information “P” includes user identification information “U001”, an ID “adminP” and a password “adminpassP” as authentication information (ID-LI), and a browsed URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”.
- the login history information “Q” includes user identification information “U001”, an ID “adminQ” and a password “adminpassQ” as authentication information (ID-LI), and a browsed URL “http://qqq.com/MY_PAGE/Signin?ID % . . . ”.
- the login history information “R” includes user identification information “U001”, an ID “adminR” and a password “adminpassR” as authentication information (ID-LI), and a browsed URL “http://rrr.com/I_PAGE/Signin?ID % . . . ”.
- service groups “X” and “Y” are registered in the service group information list 50 .
- the service group “X” includes service URLs of web pages, “http://AAA.com/index.html”, “http://TTT.co.eu/”, and “http://CCC.co.jp/top/top.html”.
- the service group “Y” includes service URLs of web pages, “http://BBB.com/”, and “http://SSS.co.ru/top/top.html”.
- In safety levels “1”, “2”, “3”, “4”, “5”, and “6” described below, the above mentioned first, second, third, fourth, fifth, and sixth safety level processes are executed, respectively.
- a target URL of the target web page 70 displayed on the display unit 12 is “http://ppp.com/MY_PAGE/Signin?ID % . . . ”.
- the browsed URL in the login history information “Z” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the browsed URL “http://AAA.com/index.html” in the login history information “Z” is checked with the service URLs of web page in the service group information list 50 .
- the browsed URL agrees with one of the service URLs of web page in the service group “X”.
- the service URLs of web page in the service group “X” are checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the browsed URL “http://BBB.com/index.html” in the login history information “Z” is checked with the service URLs of web page in the service group information list 50 .
- the browsed URL agrees with one of the service URLs of web page in the service group “Y”.
- the service URL of web page in the service group “Y” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the validity level is judged to be “3”.
- the validity level “3” is added to the login history information “Z” as shown in FIG. 10 .
- the browsed URL in the login history information “P” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the validity level is judged to be “1”.
- the validity level “1” is added to the login history information “P” as shown in FIG. 10 .
- the browsed URL in the login history information “Q” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the browsed URL “http://qqq.com/MY_PAGE/Signin?ID % . . . ” in the login history information “Q” is checked with the service URLs of web page in the service group information list 50 . As a result, there is no service group including a service URL which agrees with the browsed URL.
- the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “Q” as shown in FIG. 10 .
- the browsed URL in the login history information “R” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the browsed URL “http://rrr.com/I_PAGE/Signin?ID % . . . ” in the login history information “R” is checked with the service URLs of web page in the service group information list 50 . As a result, there is no service group including a service URL which agrees with the browsed URL.
- the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “R” as shown in FIG. 10 .
- the input authentication information 81 inputted into the authentication information input field of the target web page 70 is assumed to be ID “adminP” and password “adminpassP”.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P” to which the validity level “1” is added. As a result, they agree with each other.
- the safety level is judged to be “1” and the first safety level process (step S 32 ) is executed.
- the input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “adminZ” and password “adminpassZ”.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P” to which the validity level “1” is added. As a result, they do not agree with each other.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z”, “Q”, and “R” to which the validity level “3” is added. As a result, they do not agree with each other.
- the safety level is judged to be “2” and the second safety level process (step S 34 ) is executed.
- the input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “adminQ” and password “adminpassQ”.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P” to which the validity level “1” is added. As a result, they do not agree with each other.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z”, “Q”, and “R” to which the validity level “3” is added. As a result, the input authentication information 81 agrees with the authentication information (ID-LI) of the login history information “Q”.
- the safety level is judged to be “3” and the third safety level process (step S 35 ) is executed.
- a target URL of the target web page 70 displayed on the display unit 12 is “http://TTT.co.eu/”.
- the browsed URL in the login history information “Z” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the browsed URL “http://AAA.com/index.html” in the login history information “Z” is checked with the service URL of web page in the service group information list 50 .
- the browsed URL agrees with one of the service URLs of web page in the service group “X”.
- the service URL of web page in the service group “X” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the validity level is judged to be “2”.
- the validity level “2” is added to the login history information “Z” as shown in FIG. 11 .
- the browsed URL in the login history information “P” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the browsed URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ” in the login history information “P” is checked with the service URLs of web page in the service group information list 50 . As a result, there is no service group including a service URL which agrees with the browsed URL.
- the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “P” as shown in FIG. 11 .
- the browsed URL in the login history information “Q” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the browsed URL “http://qqq.com/MY_PAGE/Signin?ID % . . . ” in the login history information “Q” is checked with the service URLs of web page in the service group information list 50 . As a result, there is no service group including a service URL which agrees with the browsed URL.
- the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “Q” as shown in FIG. 11 .
- the browsed URL in the login history information “R” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- the browsed URL “http://rrr.com/I_PAGE/Signin?ID % . . . ” in the login history information “R” is checked with the service URLs of web page in the service group information list 50 . As a result, there is no service group including a service URL which agrees with the browsed URL.
- the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “R” as shown in FIG. 11 .
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z” to which the validity level “2” is added. As a result, they agree with each other.
- the safety level is judged to be “1” and the first safety level process (step S 32 ) is executed.
- the input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “adminZ” and password “adminpassZ”.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z” to which the validity level “2” is added. As a result, they do not agree with each other.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P”, “Q”, and “R” to which the validity level “3” is added. As a result, they do not agree with each other.
- the safety level is “2” and the second safety level process (step S 34 ) is executed.
- the input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “adminQ” and password “adminpassQ”.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z” to which the validity level “2” is added. As a result, they do not agree with each other.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P”, “Q”, and “R” to which the validity level “3” is added. As a result, the input authentication information 81 agrees with the authentication information (ID-LI) of the login history information “Q”.
- the safety level is judged to be “3” and the third safety level process (step S 35 ) is executed.
- the validity level “3” is added to the login history information “Z” in the above described case B. That is, the validity level “3” is added to each of the login history information “Z”, “P”, “Q”, and “R”. Judgment of the safety level in this case will be explained.
- the input authentication information 81 inputted into the authentication information input field of the target web page 70 is assumed to be ID “adminU” and password “adminpassU”.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z”, “P”, “Q”, and “R” to which the validity level “3” is added. As a result, they do not agree with each other.
- the safety level is judged to be “4”, and thus, the fourth safety level process (step S 37 ) is executed.
- the input authentication information 81 inputted into the authentication information input field of the target web page 70 is assumed to be ID “adminQ” and password “adminpassQ”.
- the input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z”, “P”, “Q”, and “R” to which the validity level “3” is added. As a result, the input authentication information 81 agrees with the authentication information (ID-LI) of the login history information “Q”.
- the safety level is “5”, and thus, the fifth safety level process (step S 38 ) is executed.
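The validity-level and safety-level judgment walked through in cases A, B and C above, as an added Python example (not code from the patent). The URL agreement rule (equality after trimming a trailing slash), the function names, the reading of step S 30 as "a login history in the first or second validity level exists", and the case C target URL are assumptions; truncated URLs are kept exactly as printed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginHistory:
    name: str            # label used on the page: "Z", "P", "Q", "R"
    login_id: str
    password: str
    browsed_urls: tuple


def agrees(url_a, url_b):
    # Assumption: URLs "agree" when equal after trimming whitespace and a
    # trailing slash. The page's own validity judgment rule is not given here.
    return url_a.strip().rstrip("/") == url_b.strip().rstrip("/")


def validity_level(entry, target_url, service_groups):
    """1 = browsed URL is the target, 2 = same service group, 3 = unrelated."""
    if any(agrees(u, target_url) for u in entry.browsed_urls):
        return 1
    for service_urls in service_groups.values():
        browsed_in_group = any(agrees(u, s) for u in entry.browsed_urls
                               for s in service_urls)
        target_in_group = any(agrees(target_url, s) for s in service_urls)
        if browsed_in_group and target_in_group:
            return 2
    return 3


def judge(target_url, login_id, password, history, service_groups):
    """Return (validity level per entry, safety level, flowchart step)."""
    levels = {e.name: validity_level(e, target_url, service_groups)
              for e in history}

    def known_at(wanted):
        # True when the typed credentials equal a stored entry at these levels.
        return any(levels[e.name] in wanted
                   and (e.login_id, e.password) == (login_id, password)
                   for e in history)

    if any(level in (1, 2) for level in levels.values()):  # S30: YES
        if known_at({1, 2}):
            return levels, 1, "S32"  # known credentials for this page or service
        if known_at({3}):
            return levels, 3, "S35"  # another site's credentials: ask the user
        return levels, 2, "S34"      # credentials not seen before
    if known_at({3}):
        return levels, 5, "S38"      # another site's credentials, unknown page: cancel
    return levels, 4, "S37"          # new credentials on an unknown page: ask + notice


# Login information list 40 and service group information list 50 as given on
# the page. Truncated URLs are compared as opaque strings, truncation included.
PPP = "http://ppp.com/MY_PAGE/Signin?ID % . . . "
HISTORY = (
    LoginHistory("Z", "admin", "adminpass",
                 ("http://AAA.com/index.html", "http://BBB.com")),
    LoginHistory("P", "adminP", "adminpassP", (PPP,)),
    LoginHistory("Q", "adminQ", "adminpassQ",
                 ("http://qqq.com/MY_PAGE/Signin?ID % . . . ",)),
    LoginHistory("R", "adminR", "adminpassR",
                 ("http://rrr.com/I_PAGE/Signin?ID % . . . ",)),
)
SERVICE_GROUPS = {
    "X": ("http://AAA.com/index.html", "http://TTT.co.eu/",
          "http://CCC.co.jp/top/top.html"),
    "Y": ("http://BBB.com/", "http://SSS.co.ru/top/top.html"),
}
TARGET_A = PPP
TARGET_B = "http://TTT.co.eu/"
# Constructed: the page gives no target URL for the case where every entry is level 3.
TARGET_C = "http://unrelated.example/login"

if __name__ == "__main__":
    runs = (
        ("A", TARGET_A, "adminP", "adminpassP"),
        ("A", TARGET_A, "adminZ", "adminpassZ"),
        ("A", TARGET_A, "adminQ", "adminpassQ"),
        ("B", TARGET_B, "admin", "adminpass"),  # inferred: "agrees with Z"
        ("B", TARGET_B, "adminQ", "adminpassQ"),
        ("C", TARGET_C, "adminU", "adminpassU"),
        ("C", TARGET_C, "adminQ", "adminpassQ"),
    )
    for case, target, uid, pw in runs:
        levels, safety, step = judge(target, uid, pw, HISTORY, SERVICE_GROUPS)
        print(f"case {case} id={uid}: validity={levels} safety={safety} ({step})")
```

Safety level 5 is the case that matters most for phishing defence: credentials already stored for another site are being typed into a page with no history or service-group relationship, so the input is cancelled.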
Description
- This application is based upon and claims the benefit of priority from Japanese patent application No. 2007-331134, filed on Dec. 21, 2007, the disclosure of which is incorporated herein in its entirety by reference.
- The present invention relates to a web page safety judgment system for judging safety of a web page displayed on a user terminal.
- A system including a service providing web server and a user terminal is known. The service providing web server retains set authentication information and a target web page as a web page and publishes the target web page on a network. The user terminal displays the target web page on its display unit. The target web page includes an authentication information input field, and the user terminal, in order to receive a predetermined service, inputs input authentication information into the authentication information input field and transmits it as transmission authentication information. When the transmission authentication information agrees with the set authentication information, the service providing web server provides a predetermined service to the user terminal.
- Before transmitting the input authentication information inputted into the authentication information input field as the transmission authentication information, the user terminal judges safety based on a blacklist (refer to, for example, Japanese Laid Open Patent Application (JP-P2007-226608A)). A harmful URL (Uniform Resource Locator) identifying a harmful web page is registered in the blacklist. When a target URL identifying a target web page displayed on the display unit agrees with the harmful URL, the user terminal cancels the transmission of the input authentication information inputted into the authentication information input field.
- However, there is a case that the target web page displayed on the display unit is a harmful web page but the target URL is not registered as a harmful URL in the blacklist. In this case, the user terminal does not hit any URL when using the blacklist. That is, the target URL identifying the target web page displayed on the display unit does not agree with any harmful URL. For this reason, the user terminal transmits, to the harmful web page, the input authentication information inputted into the authentication information input field as the transmission authentication information. As described above, the user terminal imprudently transmits the authentication information of a user, and thus safety of the authentication information is not secured.
- On the other hand, it can be considered to use a whitelist provided by a third party. However, it is difficult to judge whether the third party is truly trustworthy and there is a limitation in checking an innumerable number of web pages.
- As described above, a system is desired which can secure higher safety of authentication information compared with a system using a blacklist (or whitelist).
- Japanese Laid Open Patent Application (JP-P2007-226608A) discloses a site management system. The site management system includes: database means for registering a web site judged as an inappropriate access target; web site access means for accessing the web site registered in the database means via communication circuits; and database update means for deleting the web site as the target of the access from the database means based on the result of the access.
- An exemplary object of the invention is to provide a web page safety judgment system, a web page safety judgment method and a recording medium recording a computer program of the method, which are able to secure higher safety of authentication information compared with a system using a blacklist.
- A web page safety judgment system according to an exemplary aspect of the invention includes a user terminal that is connected via a network to a service providing web server which publishes a target web page on the network. The target web page includes an authentication information input field into which input authentication information is inputted by the user terminal. The user terminal includes a first validity judgment process part, a second validity judgment process part, a third validity judgment process part, a safety process part, a display unit that displays the target web page published on the network, and a storage unit that stores a login information list and a service group information list. The login information list registers a plurality of login history information respectively including a plurality of authentication information and browsed URLs (Uniform Resource Locators) identifying web pages browsed on the display unit before. The service group information list registers service groups each of which includes service URLs respectively identifying web pages for which authentication is performed based on a common authentication information. The first validity judgment process unit checks a target URL identifying the target web page displayed on the display unit with the browsed URLs and judges login history information of the plurality of login history information, which includes a browsed URL agreeing with the target URL, is a first validity level. The second validity judgment process part selects, from the service groups, first service groups each of which includes a service URL agreeing with one of the browsed URLs. The second validity judgment process part checks the target URL with service URLs included in the first service groups and selects, from the first service groups, a second service group including a service URL agreeing with the target URL. 
The second validity judgment process part judges login history information of the plurality of login history information, which includes a browsed URL agreeing with a service URL included in the second service group, is a second validity level. The third validity judgment process part judges login history information of the plurality of login history information, which is other than the login history information in the first validity level or the second validity level, is a third validity level. The safety process part selects a corresponding process from a plurality of predetermined processes for the input authentication information based on existence or absence of the login history information in the first validity level or in the second validity level and on a result of checking the input authentication information with login information in the login history information in the first to third validity levels. The safety process part executes the corresponding process.
- A web page safety judgment method according to an exemplary aspect of the invention includes: displaying, on a display unit, a target web page published on a network by a service providing web server and including an authentication information input field into which authentication information is inputted; referring to a login information list that registers a plurality of login history information respectively including a plurality of authentication information and browsed URLs (Uniform Resource Locators) identifying web pages browsed on the display unit before; checking a target URL identifying the target web page displayed on the display unit with the browsed URLs; judging login history information of the plurality of login history information, which includes a browsed URL agreeing with the target URL, is a first validity level; referring to a service group information list that registers service groups each of which includes service URLs respectively identifying web pages for which authentication is performed based on a common authentication information; selecting, from the service groups, first service groups each of which includes a service URL agreeing with one of the browsed URLs; checking the target URL with service URLs included in the first service groups; selecting, from the first service groups, a second service group including a service URL agreeing with the target URL; judging login history information of the plurality of login history information, which includes a browsed URL agreeing with a service URL included in the second service group, is a second validity level; judging a login history information of the plurality of login history information, which is other than the login history information in the first validity level or the second validity level, is a third validity level; selecting a corresponding process from a plurality of predetermined processes for the input authentication information based on existence or absence of the login history information in the first validity level or in the second validity level and on a result of checking the input authentication information with login information in the login history information in the first to third validity levels; and executing the corresponding process.
- A recording medium according to an exemplary aspect of the invention records a computer-readable program that, when executed, causes a computer to perform a web page safety judgment method. The web page safety judgment method includes: displaying, on a display unit, a target web page published on a network by a service providing web server and including an authentication information input field into which authentication information is inputted; referring to a login information list that registers a plurality of login history information respectively including a plurality of authentication information and browsed URLs (Uniform Resource Locators) identifying web pages browsed on the display unit before; checking a target URL identifying the target web page displayed on the display unit with the browsed URLs; judging a login history information of the plurality of login history information, which includes a browsed URL agreeing with the target URL, is a first validity level; referring to a service group information list that registers service groups each of which includes service URLs respectively identifying web pages for which authentication is performed based on a common authentication information; selecting, from the service groups, first service groups each of which includes a service URL agreeing with one of the browsed URLs; checking the target URL with service URLs included in the first service groups; selecting, from the first service groups, a second service group including a service URL agreeing with the target URL; judging a login history information of the plurality of login history information, which includes a browsed URL agreeing with a service URL included in the second service group, is a second validity level; judging a login history information of the plurality of login history information, which is other than the login history information in the first validity level or the second validity level, is a third validity level; selecting a corresponding process from a plurality of predetermined processes for the input authentication information based on existence or absence of the login history information in the first validity level or in the second validity level and on a result of checking the input authentication information with login information in the login history information in the first to third validity levels; and executing the corresponding process.
- According to the web page safety judgment system, the method and the recording medium, as described above, the user terminal judges the above mentioned first to third validity levels by referring to the login information list and the service group information list, and generates a check result by checking the input authentication information with the authentication information of the login history information in the first to third validity levels. Then, the user terminal selects a corresponding process from a plurality of predetermined processes for the input authentication information based on existence or absence of the login history information in the first validity level or in the second validity level and on the above result of checking, and executes the selected process. Here, when it is judged to be safe to transmit the input authentication information as transmission authentication information for the target web page, the input authentication information inputted into the authentication information input field is transmitted as the transmission authentication information in the corresponding process. When it is judged to be risky to transmit the input authentication information as the transmission authentication information for the target web page, a transmission of the transmission authentication information is cancelled in the corresponding process. This can secure a higher safety of the authentication information compared with the judgment using the blacklist, in which no hit may occur. In addition, a higher safety of the authentication information can be secured compared with the judgment using a whitelist, since it is difficult to judge whether a third party providing the whitelist is truly trustworthy and there is a limitation in checking an innumerable number of web pages.
- The above and other objects, advantages and features of the present invention will be more apparent from the following description of certain exemplary embodiments taken in conjunction with the accompanying drawings, in which:
- FIG. 1 shows a configuration of a web page safety judgment system according to first to third exemplary embodiments of the present invention;
- FIG. 2 shows a computer program 20 installed in a user terminal 1 of the web page safety judgment system according to the first exemplary embodiment of the present invention;
- FIG. 3 shows a target web page 70;
- FIG. 4 shows a login information list 40 corresponding to user terminal 1 “U001”;
- FIG. 5 shows a service group information list 50;
- FIG. 6 is a flowchart illustrating an operation of the web page safety judgment system of the present invention;
- FIG. 7 is a flowchart illustrating safety judgment process (step S7) in FIG. 6;
- FIG. 8 shows a computer program 20 installed in the user terminal 1 of the web page safety judgment system according to the second exemplary embodiment of the present invention;
- FIG. 9 shows a computer program 20 installed in the user terminal 1 of the web page safety judgment system according to the third exemplary embodiment of the present invention;
- FIG. 10 shows the login information list 40 corresponding to the user terminal 1 “U001” for explaining case A as a specific example of the operation of the web page safety judgment system according to first to third exemplary embodiments of the present invention;
- FIG. 11 shows the login information list 40 corresponding to the user terminal 1 “U001” for explaining case B as a specific example of the operation of the web page safety judgment system according to first to third exemplary embodiments of the present invention; and
- FIG. 12 shows the login information list 40 corresponding to the user terminal 1 “U001” for explaining case C as a specific example of the operation of the web page safety judgment system according to first to third exemplary embodiments of the present invention.
- Hereinafter, a web page safety judgment system according to exemplary embodiments of the present invention will be described with reference to the attached drawings.
- FIG. 1 shows a configuration of a web page safety judgment system according to a first exemplary embodiment of the present invention. The web page safety judgment system according to the first exemplary embodiment of the present invention includes a plurality of user terminals 1 (only one of the terminals 1 is shown in the figure), a login information server 4, a service group information server 5, a blacklist server 3, and a service providing web server 6. The plurality of the user terminals 1, the login information server 4, the service group information server 5, the blacklist server 3, and the service providing web server 6 are connected to a network 2, respectively. In the present invention, the login information server 4, the service group information server 5, and the blacklist server 3 may be realized not only by separated servers but also by one server.
- Each of the user terminals 1 is a computer, a television having a network connecting function, a portable terminal such as a portable phone, or the like. Each user terminal 1 includes a control unit 10, an input unit 11, a display unit 12, a storage unit 13, and a communication unit (not shown in the figure) for transmitting and receiving data and information to and from an outside. A CPU (Central Processing Unit) is exemplified as the control unit 10. A keyboard or a pointing device such as a mouse is exemplified as the input unit 11. The storage unit 13 stores a computer program 20 as software to be executed by the control unit 10. The computer program 20 may be recorded in a recording medium (not shown). In addition, each user terminal 1 retains user identification information for identifying itself. The user identification information is composed, for example, of a unique alphanumeric string indicating a user ID (identification), hardware of the user terminal 1, software of the user terminal 1, or so on. For example, one of the user terminals 1 stores “U001” as the user identification information in the storage unit 13.
- As shown in FIG. 2, the computer program 20 includes a list process part 21, a browser process part 22, a judgment process part 23, a safety process part 24, a history registration process part 25, and an input process part 26. The list process part 21 includes a blacklist acquisition process part 21-0, a login information list acquisition process part 21-1, a login information list updating process part 21-2, and a service group information list acquisition process part 21-3. The judgment process part 23 includes a blacklist judgment process part 23-0, a first validity judgment process part 23-1, a second validity judgment process part 23-2, and a third validity judgment process part 23-3. An operation based on the computer program 20 will be described below.
- The service providing web server 6 is a computer and includes a storage unit 61, a publish unit 62, and a providing unit 63. In the storage unit 61, a target web page 70 as a web page and set authentication information 80 are registered. The set authentication information 80, for example, is authentication information registered in advance by the user terminal 1 “U001” of the user terminals 1. The set authentication information 80 differs for every service providing web server 6. As shown in FIG. 3, the target web page 70 includes an authentication information input field 71 into which input authentication information 81 is inputted by the user terminal 1 and a transmission button 72. When the transmission button 72 is pressed by a user, the input authentication information 81 is transmitted as transmission authentication information. Each of the set authentication information 80 and the input authentication information 81 includes a user ID and a password. The publish unit 62 publishes the target web page 70 registered in the storage unit 61 on the network 2. Here, the publishing includes a process in which the publish unit 62 transmits the target web page 70 to the user terminal 1 based on a request from the user terminal 1. When the set authentication information 80 registered in the storage unit 61 agrees with the input authentication information 81 transmitted as the transmission authentication information from the user terminal 1, the providing unit 63 provides a predetermined service to the user terminal 1. The predetermined service, for example, is a provision of contents such as a shopping system for members, a dynamic image file, a music file, and a bulletin board.
By the way, it is possible that a portion (storage region) of the storage unit 61, in which the set authentication information 80 is registered, and a portion (check function) of the providing unit 63, which checks the transmission authentication information with the set authentication information 80, are configured in a server; and a portion (publish function) of the publish unit 62, which publishes the target web page 70 on the network 2, is configured in another server.

The blacklist server 3 is a computer and includes a blacklist storage unit (hereinafter referred to as a storage unit) 31, a blacklist transmitter unit (hereinafter referred to as a transmitter unit) 32, and a blacklist updating unit (hereinafter referred to as an updating unit) 33. The storage unit 31 stores a blacklist 30. In the blacklist 30, harmful URLs (Uniform Resource Locators) identifying harmful web pages are registered. The transmitter unit 32 transmits a copy of the blacklist 30 stored in the storage unit 31 to the user terminal 1 based on a blacklist acquisition request from the user terminal 1. The updating unit 33 updates the blacklist 30 stored in the storage unit 31 to provide a latest blacklist.

The login information server 4 is a computer and includes a login information list storage unit (hereinafter referred to as a storage unit) 41, a login information list transmitter unit (hereinafter referred to as a transmitter unit) 42, and a login information list updating unit (hereinafter referred to as an updating unit) 43. In the storage unit 41, a plurality of login information lists 40 (only one of the lists 40 is shown in the figure) respectively corresponding to the plurality of user terminals 1 is stored. Each of the plurality of user terminals 1 retains the user identification information identifying itself. As described above, one user terminal 1 of the user terminals 1 retains “U001” as the user identification information. The login information lists 40 include a login information list corresponding to the user terminal 1 “U001”, in which login history information is registered as shown in FIG. 4. The login history information includes the user identification information “U001”. In addition, the login history information includes a login information number for identifying itself, the authentication information, and a browsed URL identifying the target web page 70 which was displayed on the display unit 12 when the input authentication information 81 was inputted before. In addition, a user of the user terminal 1 “U001” may create the login history information by using the input unit 11, and may register the created information to the login information list 40 “U001”. The login information list 40 “U001” will be described in detail below.

The transmitter unit 42 receives a login information list request from the user terminal 1. The login information list request includes the user identification information “U001”. The transmitter unit 42 selects, from the login information lists 40 stored in the storage unit 41, the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list request and transmits the selected list as the login information list 40 for the user terminal 1 to the user terminal 1. The updating unit 43 receives a login information list updating request from the user terminal 1. The login information list updating request includes the login history information and the user identification information “U001”. The updating unit 43 selects, from the login information lists 40 stored in the storage unit 41, the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list updating request and registers the login history information included in the login information list updating request to the selected login information list 40 “U001”. In this way, the login information list 40 “U001” is updated.

The service group information server 5 includes a service group information list storage unit (hereinafter referred to as a storage unit) 51, a service group information list transmitter unit (hereinafter referred to as a transmitter unit) 52, and a service group information list updating unit (hereinafter referred to as an updating unit) 53. In the storage unit 51, the service group information list 50 is stored. As shown in FIG. 5, service groups are registered in the service group information list 50. Each of the service groups includes service URLs respectively identifying web pages which allow an authentication by using common authentication information. The service group information list 50 will be described in detail below.

The transmitter unit 52 transmits a copy of the service group information list 50 stored in the storage unit 51 to the user terminal 1 based on a service group information list acquisition request from the user terminal 1. The updating unit 53 updates the service group information list 50 stored in the storage unit 51 to provide a latest service group information list.

[Operation]

FIGS. 6 and 7 are flowcharts showing an operation of the web page safety judgment system according to the first exemplary embodiment of the present invention.

At first, the user terminal 1 is started up, and the computer program 20 installed in the user terminal 1 is started up (step S1; startup process).

At this time, the blacklist acquisition process part 21-0 of the user terminal 1, in order to acquire the blacklist 30, transmits a blacklist acquisition request to the blacklist server 3. The transmitter unit 32 of the blacklist server 3 transmits a copy of the blacklist 30 stored in the storage unit 31 to the user terminal 1 based on the blacklist acquisition request. The blacklist acquisition process part 21-0 stores the blacklist 30 from the blacklist server 3 in the storage unit 13 (step S2; blacklist acquisition process).

The login information list acquisition process part 21-1 of the user terminal 1, in order to acquire the login information list 40, transmits a login information list acquisition request including the user identification information “U001” to the login information server 4. The transmitter unit 42 of the login information server 4 selects, from the login information lists 40 stored in the storage unit 41, the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list acquisition request and transmits the selected list as the login information list 40 for the user terminal 1 to the user terminal 1. The login information list acquisition process part 21-1 stores the login information list 40 from the login information server 4 in the storage unit 13 (step S3; login information list acquisition process).

In step S3, there is a case that no login history information exists in the login information list 40 corresponding to the user identification information “U001”. The case will be explained.

In this case, the login information server 4 transmits a login information request error to the user terminal 1. The login information request error indicates that no login history information exists in the login information list 40 “U001”.

When the login information list acquisition process part 21-1 receives the login information request error, steps S4 to S6 are executed, step S7 is skipped, and steps S8 and S10 are executed. Steps S4 to S8 and S10 will be described later.

In step S6, the login information list acquisition process part 21-1 displays a new access guidance indicator on the display unit 12. The new access guidance indicator indicates notification requiring a user to input the authentication information (an ID and a password) by using the input unit 11 into the authentication information input field 71 of the target web page 70 displayed on the display unit 12 and to press the transmission button 72 in the target web page 70.

When the authentication information is inputted into the authentication information input field 71 and the transmission button 72 is pressed, the history registration process part 25 displays a new access registration indicator on the display unit 12 at step S8. The new access registration indicator includes a notification of registering the above mentioned authentication information to the login information list “U001”, a “Yes” button to register the information, and a “No” button not to register the information. When the “Yes” button is pressed, login history information is generated which includes the above mentioned authentication information and a browsed URL as the target URL. The history registration process part 25 registers the login history information to the login information list 40 “U001”.

At step S10, the login information list updating process part 21-2 transmits a login information list updating request to the login information server 4 in order to update the login history information registered in the login information list 40. The login information list updating request includes the login history information generated by the history registration process part 25 and the user identification information “U001”. The updating unit 43 of the login information server 4 selects, from the login information lists 40 stored in the storage unit 40, the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list updating request, and registers the login history information included in the login information list updating request to the selected login information list 40 “U001”. That is, the login information list 40 “U001” is updated.

Next, a case that login history information exists in the login information list 40 corresponding to the user identification information “U001” at step S3 will be explained below.

The service group information list acquisition process part 21-3 of the user terminal 1 transmits a service group information list acquisition request to the service group information server 5 in order to acquire the service group information list 50. The transmitter unit 52 transmits a copy of the service group information list 50 stored in the storage unit 51 to the user terminal 1 based on the service group information list acquisition request. The service group information list acquisition process part 21-3 stores the service group information list 50 from the service group information server 5 in the storage unit 13 (step S4; service group information list acquisition process). In the present exemplary embodiment, steps S3 and S4 may be simultaneously executed and may be executed in the reverse order.

A user of the user terminal 1 issues an instruction to display, on the display unit 12, an arbitrary web page among web pages published on the network 2 by using the input unit 11. The arbitrary web page is the above mentioned target web page 70 here. In this case, the browser process part 22 displays, on the display unit 12 of the user terminal 1, the target web page 70 published on the network 2 based on the instruction (step S5; web page display process).

Here, the above described steps S2 to S4 may be executed after step S5. In this case, the above described steps S2 to S4 are executed every time the target web page 70 is displayed on the display unit 12 of the user terminal 1.

The user of the user terminal 1 inputs, for the purpose of receiving a predetermined service, the input authentication information 81 as authentication information into the authentication information input field 71 of the target web page 70 displayed on the display unit 12 by using the input unit 11 (step S6; authentication information input process).

At step S6, when the user presses the transmission button 72 in the target web page 70 displayed on the display unit 12, the input authentication information 81 inputted into the authentication information input field 71 is not transmitted immediately but transmitted after execution of the safety judgment process described below. In this case, the input process part 26 retains the input authentication information 81 inputted into the authentication information input field 71 and waits for a transmission execution instruction or a transmission execution canceling instruction from the safety process part 24.

In the present invention, for example, the input process part 26 executes the retaining and the waiting when detecting the pressing of the transmission button 72. The process part 26 may execute the retaining and the waiting when detecting an HTTP (Hyper Text Transfer Protocol) request message for transmitting the input authentication information 81 to the service providing web server 6. For example, in a case of authentication such as basic authentication, for which an authentication dialogue appears, a method is employed in which the input process part 26 executes the retaining and the waiting based on “detection of the pressing of the transmission button”. In a case of normal authentication from a web page, a method is employed in which the input process part 26 executes the retaining and the waiting based on “detection of the HTTP request message”. In the case of employing the method which uses “detection of the HTTP request message”, the HTTP request message is monitored, the message is analyzed to be a message for transmitting authentication information or not, and the input authentication information is detected.

The user terminal 1 performs the safety judgment process (step S7).

At first, the blacklist judgment process part 23-0 of the user terminal 1 refers to the blacklist 30 to judge whether or not a target URL of the target web page 70 displayed on the display unit 12 agrees with the harmful URL (step S20).

When the target URL of the target web page 70 displayed on the display unit 12 agrees with the harmful URL (YES at step S20), the safety process part 24 of the user terminal 1 executes a sixth safety level process (step S21). In the present invention, steps S20 and S21 are not necessarily executed in this order. Step S20 may be executed immediately after the web page display process (step S5) and the sixth safety level process (step S21) may be executed when the authentication information input process (step S6) is executed.

As the sixth safety level process (step S21), the safety process part 24 outputs the transmission execution canceling instruction to cancel the transmission of the transmission authentication information. In this case, the input process part 26 discards the input authentication information 81 retained by the input process part 26 based on the transmission execution canceling instruction. At this time, the safety process part 24 displays, on the display unit 12, a cancellation notice showing that the target URL of the target web page 70 agrees with the harmful URL.

On the other hand, when the target URL of the target web page 70 displayed on the display unit 12 does not agree with any harmful URL (NO in step S20), the first validity judgment process part 23-1, the second validity judgment process part 23-2, and the third validity judgment process part 23-3 of the user terminal 1 judge first to third validity levels described below with respect to the login history information registered in the login information list 40, respectively (step S30). In addition, the safety process part 24 judges whether or not the input authentication information 81 agrees with the authentication information of the login history information registered in the login information list 40.

In step S30, the first validity judgment process part 23-1 of the user terminal 1 refers to the login information list 40 to check the browsed URL registered in the login information list 40 with the target URL identifying the target web page 70 displayed on the display unit 12. Then, the first validity judgment process part 23-1 judges that the login history information registered in the login information list 40 and including the browsed URL which agrees with the target URL is the first validity level.

In step S30, the second validity judgment process part 23-2 of the user terminal 1 refers to the login information list 40 and the service group information list 50 to select, from the service groups registered in the service group information list 50, first service groups. Each of the first service groups includes a service URL which agrees with the browsed URL registered in the login information list 40. Next, the second validity judgment process part 23-2 checks service URLs of each first service group with the target URL to select a second service group from the first service groups. The second service group includes a service URL which agrees with the target URL. Then, the second validity judgment process part 23-2 judges that the login history information registered in the login information list 40 and including the browsed URL which agrees with the service URL of the second service group is the second validity level.

In step S30, the third validity judgment process part 23-3 of the user terminal 1 refers to the login information list 40 and the service group information list 50 to judge that the login history information other than the login history information of the first or second validity level and registered in the login information list 40 is the third validity level.

Here, in the present invention, the judgments of the first and second validity levels are performed based on a validity judgment rule in which one URL is judged to agree with another URL when the one entirely agrees with the other, when the one agrees with the other in other than a query portion, when the one agrees with the other in a host FQDN (Fully Qualified Domain Name) level, or when the one agrees with the other in a domain level.
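
The validity judgment of step S30 and the URL agreement rule above, together with the safety level selection that the paragraphs after this point walk through, as an added Python sketch that is not part of the patent text. The `loosest` setting, the keyed digest kept in place of stored authentication information, the exact-match blacklist check, the two-label domain heuristic and all sample hosts are assumptions of this sketch.

```python
import hashlib
import hmac
import ipaddress
from collections import namedtuple
from urllib.parse import urlsplit

LEVELS = ("exact", "no_query", "fqdn", "domain")  # strictest to loosest
LOCAL_KEY = b"constructed-demo-key"  # assumption: a per-terminal secret
LoginHistory = namedtuple("LoginHistory", "browsed_urls tag")


def cred_tag(user_id, password):
    # Assumption: store a keyed digest, not the authentication information.
    msg = user_id.encode() + b"\x00" + password.encode()
    return hmac.new(LOCAL_KEY, msg, hashlib.sha256).digest()


def registrable_domain(host):
    try:
        ipaddress.ip_address(host)
        return host  # an IP literal has no domain level
    except ValueError:
        # Simplification: last two labels; real code needs the Public Suffix List.
        return ".".join(host.split(".")[-2:])


def agreement(a, b):
    """Strictest level at which two URLs agree, or None."""
    ua, ub = urlsplit(a), urlsplit(b)
    ha, hb = ua.hostname or "", ub.hostname or ""
    if a == b:
        return "exact"
    if (ua.scheme, ha, ua.port, ua.path) == (ub.scheme, hb, ub.port, ub.path):
        return "no_query"
    if ha and ha == hb:
        return "fqdn"
    if ha and hb and registrable_domain(ha) == registrable_domain(hb):
        return "domain"
    return None


def urls_agree(a, b, loosest="fqdn"):
    level = agreement(a, b)
    return level is not None and LEVELS.index(level) <= LEVELS.index(loosest)


def validity_level(entry, target, groups):
    """1: a browsed URL agrees with the target. 2: a browsed URL and the
    target sit in one service group. 3: any other history entry."""
    if any(urls_agree(u, target) for u in entry.browsed_urls):
        return 1
    for group in groups:
        hit = lambda url: any(urls_agree(s, url) for s in group)
        if hit(target) and any(hit(u) for u in entry.browsed_urls):
            return 2
    return 3


def judge(target, user_id, password, history, groups, blacklist):
    """Return (safety_level, action) for one held credential submission."""
    if target in blacklist:  # S20; exact match assumed for the blacklist
        return 6, "cancel"
    tag = cred_tag(user_id, password)
    graded = [(validity_level(e, target, groups), e) for e in history]
    related = [e for lv, e in graded if lv in (1, 2)]
    unrelated = [e for lv, e in graded if lv == 3]
    known = lambda es: any(hmac.compare_digest(e.tag, tag) for e in es)
    if related:
        if known(related):
            return 1, "transmit"  # same site or group, same credential
        if known(unrelated):
            return 3, "ask_user"  # another site's credential typed here
        return 2, "transmit_with_notice"  # credential changed
    if known(unrelated):
        return 5, "cancel"  # known credential on an unrelated URL
    return 4, "ask_user"  # new site, new credential


# Constructed sample data; every host below is hypothetical.
GROUPS = [["https://shop.example.com/login", "https://pay.example.net/signin"]]
HISTORY = [
    LoginHistory(["https://shop.example.com/login"], cred_tag("alice", "shop-pw")),
    LoginHistory(["https://forum.example.org/login"], cred_tag("alice", "forum-pw")),
]
BLACKLIST = {"http://harmful.example/login"}


def demo():
    cases = [
        ("https://shop.example.com/login?next=/cart", "shop-pw"),
        ("https://pay.example.net/signin", "shop-pw"),
        ("https://shop.example.com/login", "changed-pw"),
        ("https://shop.example.com/login", "forum-pw"),
        ("https://unknown.example.io/login", "brand-new"),
        ("https://shop.example.com.login.example.io/", "shop-pw"),
        ("http://harmful.example/login", "shop-pw"),
    ]
    return [judge(u, "alice", pw, HISTORY, GROUPS, BLACKLIST) for u, pw in cases]
```

The sixth case is the one the system exists for: the host only begins with a familiar name, so no history entry reaches the first or second validity level, yet the credential is already known, and the submission is cancelled.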

In step S30, the safety process part 24 of the user terminal 1 checks the input authentication information 81 retained by the input process part 26 with the authentication information of the login history information in the first to third validity levels, and generates a check result. According to this, the safety process part 24 selects a corresponding process from a plurality of predetermined processes for the input authentication information 81 based on existence or absence of the login history information in the first or second validity level and on the above mentioned check result, and executes the selected process. Here, when it is judged to be safe to transmit the input authentication information 81 for the target web page 70, in the corresponding process, the input authentication information 81 is transmitted as the transmission authentication information. On the other hand, when it is judged to be risky to transmit the input authentication information 81 for the target web page 70, the transmission of the transmission authentication information is canceled. These will be explained below.

When the login history information in the first validity level exists, the input authentication information 81 retained by the input process part 26 agrees with the authentication information of the login history information in the first validity level (YES at step S30 and YES at step S31). This case means that the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known. In this case, the safety process part 24 of the user terminal 1 executes a first safety level process as the corresponding process (step S32).

In the first safety level process (step S32), the safety process part 24 outputs the transmission execution instruction. In this case, the input process part 26 transmits the input authentication information 81 retained by the input process part 26 as the transmission authentication information based on the transmission execution instruction.

When the login history information in the second validity level exists, the input authentication information 81 retained by the input process part 26 agrees with the authentication information of the login history information in the second validity level (YES at step S30 and YES at step S31). This means that a web page of a service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known. In this case, the safety process part 24 of the user terminal 1 executes the first safety level process as the corresponding process (step S32).

When the login history information in the first or second validity level exists, the input authentication information 81 retained by the input process part 26 does not agree with the authentication information of the login history information (YES at step S30 and YES at step S31). This means that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is changed with respect to the authentication information of the login history information in the first or second validity level. In this case, the safety process part 24 of the user terminal 1 executes second safety level process as the above corresponding process (step S34).

In the second safety level process (step S34), the safety process part 24 outputs the transmission execution instruction. In this case, the input process part 26 transmits the input authentication information 81 retained by the input process part 26 as the transmission authentication information based on the transmission execution instruction. At this time, the safety process part 24 displays a change confirmation notice on the display unit 12. The change confirmation notice indicates that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is changed with respect to the authentication information of the login history information in the first or second validity level.

When the login history information in the first or second validity level exists, the input authentication information 81 retained by the input process part 26 does not agree with the authentication information of the login history information in the first or second validity level but the input authentication information 81 agrees with the authentication information of the login history information in the third validity level (YES at step S30, NO at step S31, and YES at step S33). This means that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is an incorrect input. In this case, the safety process part 24 of the user terminal 1 executes a third safety level process as the above corresponding process (step S35).

In the third safety level process (step S35), the safety process part 24 displays an incorrect input selection indicator on the display unit 12. This incorrect input selection indicator includes an incorrect input selection field in which the user of the user terminal 1 selects, by using the input unit 11, whether or not the input authentication information 81 inputted into the authentication information input field 71 is transmitted.

In addition, the safety process part 24 displays an incorrect input notice on the display unit 12. The incorrect input notice indicates that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is an incorrect input.

When the transmission of the input authentication information 81 is selected in the incorrect input selection field, the safety process part 24 outputs the transmission execution instruction. In this case, the input process part 26 transmits the input authentication information 81 retained by the input process part 26 as the transmission authentication information based on the transmission execution instruction.

On the other hand, when cancellation of the transmission of the input authentication information 81 is selected in the incorrect input selection field, the safety process part 24 cancels transmission of the transmission authentication information, and outputs the transmission execution canceling instruction. In this case, the input process part 26 discards the input authentication information 81 retained by the input process part 26 based on the transmission execution canceling instruction.

When the login history information in the first and second validity levels do not exist and the login history information in the third validity level exists, the input authentication information 81 retained by the input process part 26 does not agree with the authentication information of the login history information in the third validity level (NO at step S30 and NO at step S36). This means that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is new authentication information. In this case, the safety process part 24 of the user terminal 1 executes a fourth safety level process as the above described corresponding process (step S37).

In the fourth safety level process (step S37), the safety process part 24 displays a new input selection indicator on the display unit 12. The new input selection indicator includes a new input selection field in which the user of the user terminal 1 selects, by using the input unit 11, whether or not the input authentication information 81 inputted into the authentication information input field 71 is transmitted.

In addition, the safety process part 24 displays a new input notice on the display unit 12. The new input notice indicates that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is new authentication information.

On that basis, when the transmission of the input authentication information 81 is selected in the new input selection field, the safety process part 24 outputs the transmission execution instruction. In this case, the input process part 26 transmits the input authentication information 81 retained by the input process part 26 as the transmission authentication information based on the transmission execution instruction.

On the other hand, when cancellation of the transmission of the input authentication information 81 is selected in the new input selection field, the safety process part 24 cancels the transmission of the transmission authentication information, and outputs the transmission execution canceling instruction. In this case, the input process part 26 discards the input authentication information 81 retained by the input process part 26 based on the transmission execution canceling instruction.

When the login history information in the first and second validity levels do not exist and the login history information in the third validity level exists, the input authentication information 81 retained in the input process part 26 agrees with the authentication information of the login history information in the third validity level (NO at step S30 and YES at step S36). This means that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is already known but does not correspond to the target URL (phishing). In this case, the safety process part 24 of the user terminal 1 executes a fifth safety level process as the above corresponding process (step S38).

In the fifth safety level process (step S38), the safety process part 24 cancels the transmission of the transmission authentication information, and outputs the transmission execution canceling instruction. In this case, the input process part 26 discards the input authentication information 81 retained by the input process part 26 based on the transmission execution canceling instruction. At this time, the safety process part 24 displays a cancellation notice on the display unit 12. The cancellation notice indicates that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is already known but does not correspond to the target URL.

When the transmission authentication information is transmitted as a result of execution of the above safety judgment process (step S7), the history registration process part 25 of the user terminal 1 generates (or updates) the login history information including authentication information corresponding to the transmission authentication information and browsed URL corresponding to the target URL. The history registration process part 25 registers this login history information to the login information list 40 (step S8; registration process).

At step S8, when generating the login history information, the history registration process part 25, at the timing when a web page next to the target web page 70 is displayed on the display unit 12, displays an indicator for confirming whether or not the target URL of the target web page 70 is to be added. In the case of the addition, the history registration process part 25 generates login history information for the target URL and registers the information to the login information list 40.

When the login history information in the first validity level exists (YES at step S30), the input authentication information 81 retained by the input process part 26 agrees with the authentication information of the login history information in the first validity level (YES at step S31), and the first safety level process is executed (step S32), the same URL, as the browsed URL of the login history information in the first validity level, has been already registered to the login information list 40. For this reason, the history registration process part 25 is not required to execute step S8.

When the login history information in the second validity level exists (YES at step S30), the input authentication information 81 retained by the input process part 26 agrees with the authentication information of the login history information in the second validity level (YES at step S31), and the first safety level process (step S32) is executed, the history registration process part 25 updates the login history information at step S8. In this case, the history registration process part 25 adds the target URL to the browsed URLs of the login history information in the first validity level and registers it to the login information list 40.

When the second safety level process (step S34) is executed, the history registration process part 25 generates the login history information at step S8. In this case, the history registration process part 25 deletes the login history information (the authentication information and the browsed URL) in the above mentioned validity level, and registers, to the login information list 40, new login history information including the authentication information corresponding to the transmission authentication information (the input authentication information 81) and browsed URL corresponding to the target URL.

When the third safety level process (step S35) is executed, the history
registration process part 25 generates the login history information at step S8. In this case, the historyregistration process part 25 registers, to thelogin information list 40, new login history information including authentication information corresponding to the transmission authentication information (the input authentication information 81) and browsed URL corresponding to the target URL. - When the fourth safety level process (step S37) is executed, the history
registration process part 25 generates the login history information at step S8. In this case, the historyregistration process part 25 registers, to thelogin information list 40, new login history information including authentication information corresponding to the transmission authentication information (the input authentication information 81) and browsed URL corresponding to the target URL. - When a next web page is displayed after the display of the target webpage 70 (YES at step S9), the above processes after step S5 are executed.
- On the other hand, when finishing the display of the target web page 70 and ending the execution of the computer program 20, the user of the user terminal 1 issues instructions by using the input unit 11 (NO at step S9). In this case, the login information list updating process part 21-2 of the user terminal 1, in order to cause the login information server 4 to update the login history information registered in the login information list 40, transmits a login information list updating request including the login history information generated by the history registration process part 25 and the user identification information “U001” to the login information server 4. The updating unit 43 of the login information server 4 selects, from the login information lists 40 stored in the storage unit 41, the login information list 40 including the user identification information which agrees with the user identification information “U001” in the login information list updating request and registers the login history information included in the login information list updating request to the selected login information list 40 “U001”. In this way, the login information list 40 “U001” is updated (step S10).
- Here, the process at step S10 is not necessarily executed at the time of ending the execution of the computer program 20, and may be executed every time the above safety judgment process (step S7) and the registration process (step S8) are executed.
- [Effect]
- As described above, according to the web page safety judgment system according to the first exemplary embodiment of the present invention, the user terminal 1 can secure, by executing the above described safety judgment process (step S7), a higher safety of the authentication information compared with the judgment using the blacklist 30, in which no hit may occur. Specifically, the web page safety judgment system executes judgments with respect to the above described first to third validity levels by referring to the login information list 40 and the service group information list 50, and generates a check result by checking the input authentication information 81 with the authentication information of the login history information in the first to third validity levels. Then, the web page safety judgment system selects a corresponding process from a plurality of predetermined processes for the input authentication information 81 based on existence or absence of the login history information in the first or second validity level and on the above mentioned check result, and executes the selected process. Here, when it is judged to be safe to transmit the input authentication information 81 for the target web page 70, the input authentication information 81 is transmitted as the transmission authentication information in the corresponding process. And, when it is judged to be risky to transmit the input authentication information 81 for the target web page 70, the transmission of the transmission authentication information is canceled in the corresponding process. According to this, a higher safety of the authentication information can be secured compared with the judgment using the blacklist 30, in which no hit may occur. In addition, a higher safety of the authentication information can be secured compared with the judgment using a whitelist, since it is difficult to judge whether a third party providing the whitelist is truly trustworthy and there is a limitation in checking an innumerable number of web pages.
- Moreover, according to the web page safety judgment system according to the first exemplary embodiment of the present invention, the user terminal 1 executes the judgment based on the blacklist 30, after that, executes judgments with respect to the above described first to third validity levels, and checks the input authentication information 81 with the authentication information of the login history information in the first to third validity levels. Accordingly, the safety of the authentication information can be doubly secured.
- Furthermore, according to the web page safety judgment system according to the first exemplary embodiment of the present invention, in the above described predetermined process, in addition to an execution result of the safety level process (the first to sixth safety level process), the change confirmation notice, the incorrect input notice, the new input notice, the cancellation notice, and the like are displayed on the display unit 12 depending on a type of the safety level process. For this reason, a user can know which safety level process was executed.
- According to the present exemplary embodiment, the above described predetermined processes are not limited to the six types of the safety level process (the first to sixth safety level process) but may be other processes.
- Next, a web page safety judgment system according to a second exemplary embodiment of the present invention will be explained. As for the second exemplary embodiment, the same explanation will be omitted by assigning the same numerals to the same components as those of the first exemplary embodiment.
- A user of the user terminal 1 may forget the authentication information corresponding to the target web page 70. In this case, the user can use an automatic input function in the authentication information input process (step S6). As shown in FIG. 8, the computer program 20 of the user terminal 1 includes, instead of the input process part 26, an automatic input process part 27 having an automatic input function.
- At step S6, the automatic input process part 27 detects the authentication information input field 71 in the target web page 70 displayed on the display unit 12. This automatic input process part 27 retains candidate authentication information as the input authentication information 81.
- Here, the candidate authentication information is registered in the storage unit 13 in advance. For example, since the login information list 40 is registered in the storage unit 13, the candidate authentication information may be the authentication information of the login history information registered to the login information list 40. In addition, when the automatic input process part 27 registered, in the storage unit 13, the input authentication information which was inputted into the authentication information input field 71 before, the candidate authentication information may be the input authentication information which was registered in the storage unit 13 at that time. When the user of the user terminal 1 inputted the authentication information and registered the information in the storage unit 13 by using the input unit 11, the candidate authentication information may be the authentication information registered in the storage unit 13 at that time. This candidate authentication information is registered with at least one identifier for identifying the authentication information input field 71 of the target web page 70. For example, the identifier is the target web page 70, a URL to which the transmission authentication information is transmitted, or a screen image. When detecting the authentication information input field 71, the automatic input process part 27 reads the candidate authentication information from the storage unit 13 based on the target web page 70 or the screen image displayed on the display unit 12, a transmission URL described by data of the target web page 70, selection by the input unit 11, or the like, and retains the candidate authentication information as the input authentication information 81. By the way, an automatic input method may be realized by a method different from the process executed by the automatic input process part 27.
- After that, the automatic input process part 27 waits for an input execution instruction or an input execution canceling instruction from the safety process part 24.
- When judging it is safe to input the input authentication information 81 in the target web page 70, the safety process part 24 outputs the input execution instruction in place of the above mentioned transmission execution instruction. On the other hand, when judging it is risky to input the input authentication information 81 in the target web page 70, the safety process part 24 outputs the input execution canceling instruction in place of the transmission execution canceling instruction.
- At step S30 in the safety judgment process (step S7), the first to third validity judgment process parts 23-1 to 23-3 judge the first to third validity levels with respect to the login history information registered in the login information list 40, respectively, and the safety process part 24 generates a check result by checking the input authentication information 81 retained by the automatic input process part 27 with the authentication information of the login history information in the first to third validity levels. The safety process part 24 selects a corresponding process from a plurality of predetermined processes for the input authentication information 81 based on existence or absence of the login history information in the first or second validity level and on the above mentioned check result, and executes the selected process.
- When the login history information in the first validity level exists, the input authentication information 81 retained by the automatic input process part 27 agrees with the authentication information of the login history information in the first validity level (YES at step S30 and YES at step S31). This means that the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- Or, when the login history information in the second validity level exists, the input authentication information 81 retained by the automatic input process part 27 agrees with the authentication information of the login history information in the second validity level (YES at step S30 and YES at step S31). This means that a web page of a service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- In these cases, the safety process part 24 outputs the input execution instruction in the first safety level process (step S32). The automatic input process part 27 inputs the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution instruction.
- When the login history information in the first or second validity level exists, the
input authentication information 81 retained by the automatic input process part 27 does not agree with any of the authentication information of the login history information (YES at step S30, NO at step S31, and NO at step S33). This means that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is changed with respect to the authentication information of the login history information in the first or second validity level. In this case, the safety process part 24 outputs the input execution instruction in the second safety level process (step S34). The automatic input process part 27 inputs the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution instruction. At that time, the safety process part 24 displays the above mentioned change confirmation notice on the display unit 12.
- When the login history information in the first or second validity level exists, the input authentication information 81 retained in the automatic input process part 27 does not agree with the authentication information of the login history information in the first or second validity level but the input authentication information 81 agrees with the authentication information of the login history information in the third validity level (YES at step S30, NO at step S31, and YES at step S33). This means that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is incorrect. In this case, the safety process part 24 displays an input yes-or-no selection indicator on the display unit 12 in the third safety level process (step S35). This input yes-or-no selection indicator includes an input yes-or-no selection field in which the user of the user terminal 1 selects, by using the input unit 11, whether or not the input authentication information is inputted into the authentication information input field 71.
- In addition, the safety process part 24 displays the above mentioned incorrect input notice on the display unit 12.
- When the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution instruction. In this case, the automatic input process part 27 inputs the input authentication information 81 having been retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution instruction.
- On the other hand, when cancellation of the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution canceling instruction. In this case, the automatic input process part 27 cancels the input of the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution canceling instruction.
- When the login history information in the first and second validity levels do not exist and the login history information in the third validity level exists, the input authentication information 81 retained by the automatic input process part 27 does not agree with the authentication information of the login history information in the third validity level (NO at step S30 and NO at step S36). This means that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is new authentication information. In this case, the safety process part 24 displays, on the display unit 12, the above mentioned input yes-or-no selection indicator including the input yes-or-no field instead of the above mentioned new input selection indicator including the new input selection field in the fourth safety level process (step S37).
- In addition, the safety process part 24 displays the above mentioned new input notice on the display unit 12.
- When the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution instruction. In this case, the automatic input process part 27 inputs the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution instruction.
- On the other hand, when cancellation of the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution canceling instruction. In this case, the automatic input process part 27 cancels the input of the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution canceling instruction.
- When the login history information in the first and second validity levels do not exist and the login history information in the third validity level exists, the input authentication information 81 retained in the automatic input process part 27 agrees with the authentication information of the login history information in the third validity level (NO at step S30 and YES at step S36). This means that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is already known but does not correspond to the target URL. In this case, the safety process part 24 outputs the input execution canceling instruction in the fifth safety level process (step S38). In this case, the automatic input process part 27 cancels the input of the input authentication information 81 retained by the automatic input process part 27 into the authentication information input field 71 based on the input execution canceling instruction.
- Next, a web page safety judgment system according to a third exemplary embodiment of the present invention will be explained. As for the third exemplary embodiment, the same explanation will be omitted by assigning the same numerals to the same components as those of the second exemplary embodiment.
- The user of the user terminal 1 may forget the authentication information corresponding to the target web page 70. In this case, the user can use an input function for allowing the user to select the authentication information in the authentication information input process (step S6). As shown in FIG. 9, the computer program 20 of the user terminal 1 includes, instead of the input process part 26 and the automatic input process part 27, a user input process part 28 having an input function.
- At step S6, the user input process part 28 detects the authentication information input field 71 of the target web page 70 displayed on the display unit 12. At this time, the user input process part 28 displays a provisional input indicator on the display unit 12. This provisional input indicator includes an authentication information input field into which the user of the user terminal 1 can input the authentication information by using the input unit 11. This authentication information input field is other than the authentication information input field 71. Hereinafter, the authentication information input field of the provisional input indicator is referred to as other authentication information input field. The user input process part 28 retains the authentication information inputted by the user of the user terminal 1 into the other authentication information input field, and waits for the input execution instruction or the input execution canceling instruction from the safety process part 24.
- When judging it is safe to input the input authentication information 81 in the target web page 70, the safety process part 24 outputs the input execution instruction in place of the above mentioned transmission execution instruction. On the other hand, when judging it is risky to input the input authentication information 81 in the target web page 70, the safety process part 24 outputs the input execution canceling instruction in place of the transmission execution canceling instruction.
- At step S30 in the safety judgment process (step S7), the first to third validity judgment process parts 23-1 to 23-3 judge the first to third validity levels with respect to the login history information registered in the login information list 40, respectively, and the safety process part 24 generates a check result by checking the input authentication information 81 retained in the user input process part 28 with the authentication information of the login history information in the first to third validity levels. The safety process part 24 selects a corresponding process from a plurality of predetermined processes for the input authentication information 81 based on existence or absence of the login history information in the first or second validity level and on the above mentioned check result, and executes the selected process.
- When the login history information in the first validity level exists, the input authentication information 81 retained by the user input process part 28 agrees with the authentication information of the login history information in the first validity level (YES at step S30 and YES at step S31). This means that the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- Or, when the login history information in the second validity level exists, the input authentication information 81 retained by the user input process part 28 agrees with the authentication information of the login history information in the second validity level (YES at step S30 and YES at step S31). This means that a web page of a service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before and the input authentication information 81 is already known.
- In these cases, the safety process part 24 outputs the input execution instruction in the first safety level process (step S32). The user input process part 28 inputs the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution instruction.
- When the login history information in the first or second validity level exists, the input authentication information 81 retained by the user input process part 28 does not agree with any of the authentication information of the login history information (YES at step S30, NO at step S31, and NO at step S33). This means that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was inputted before, the input authentication information 81 is changed with respect to the authentication information of the login history information in the first or second validity level. In this case, the safety process part 24 outputs the input execution instruction in the second safety level process (step S34). The user input process part 28 inputs the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution instruction. At that time, the safety process part 24 displays the above mentioned change confirmation notice on the display unit 12.
- When the login history information in the first or second validity level exists, the
input authentication information 81 retained in the user input process part 28 does not agree with the authentication information of the login history information in the first or second validity level but the input authentication information 81 agrees with the authentication information of the login history information in the third validity level (YES at step S30, NO at step S31, and YES at step S33). This means that, since the target web page 70 or the web page of the service related to the target web page 70 was displayed on the display unit 12 when the input authentication information 81 was input before, the input authentication information 81 is incorrect. In this case, the safety process part 24 displays an input yes-or-no selection indicator on the display unit 12 in the third safety level process (step S35). This input yes-or-no selection indicator includes an input yes-or-no selection field in which the user of the user terminal 1 selects, by using the input unit 11, whether or not the input authentication information is inputted into the authentication information input field 71.
- When the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution instruction. In this case, the user input process part 28 inputs the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution instruction.
- On the other hand, when cancellation of the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution canceling instruction. In this case, the user input process part 28 cancels the input of the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution canceling instruction.
- When the login history information in the first and second validity levels do not exist and the login history information in the third validity level exists, the input authentication information 81 retained by the user input process part 28 does not agree with the authentication information of the login history information in the third validity level (NO at step S30 and NO at step S36). This means that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is new authentication information. In this case, the safety process part 24 displays, on the display unit 12, the above mentioned input yes-or-no selection indicator including the input yes-or-no field instead of the above mentioned new input selection indicator including the new input selection field in the fourth safety level process (step S37).
- In addition, the safety process part 24 displays the above mentioned new input notice on the display unit 12.
- When the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution instruction. In this case, the user input process part 28 inputs the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution instruction.
- On the other hand, when cancellation of the input of the input authentication information is selected in the input yes-or-no selection field, the safety process part 24 outputs the input execution canceling instruction. In this case, the user input process part 28 cancels the input of the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution canceling instruction.
- When the login history information in the first and second validity levels do not exist and the login history information in the third validity level exists, the input authentication information 81 retained by the user input process part 28 agrees with the authentication information of the login history information in the third validity level (NO at step S30 and YES at step S36). This means that the target web page 70 or the web page of the service related to the target web page 70 was not displayed on the display unit 12 when the input authentication information 81 was inputted before and that the input authentication information 81 is already known but does not correspond to the target URL. In this case, the safety process part 24 outputs the input execution canceling instruction in the fifth safety level process (step S38). In this case, the user input process part 28 cancels the input of the input authentication information 81 retained by the user input process part 28 into the authentication information input field 71 based on the input execution canceling instruction.
- Referring to
FIGS. 4, 5, and 10 to 12, the first to fifth safety level processes (steps S32, S34, S35, S37, and S38) in the above described safety judgment process (step S7) will be specifically explained.
- As shown in FIG. 4, login history information “Z”, “P”, “Q”, and “R” are registered in the login information list 40.
- The login history information “Z” includes user identification information “U001”, an ID “admin” and a password “adminpass” as authentication information (ID-LI) and browsed URLs “http://AAA.com/index.html” and “http://BBB.com”.
- The login history information “P” includes user identification information “U001”, an ID “adminP” and a password “adminpassP” as authentication information (ID-LI), and a browsed URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”.
- The login history information “Q” includes user identification information “U001”, an ID “adminQ” and a password “adminpassQ” as authentication information (ID-LI), and a browsed URL “http://qqq.com/MY_PAGE/Signin?ID % . . . ”.
- The login history information “R” includes user identification information “U001”, an ID “adminR” and a password “adminpassR” as authentication information (ID-LI), and a browsed URL “http://rrr.com/I_PAGE/Signin?ID % . . . ”.
- As shown in FIG. 5, service groups “X” and “Y” are registered in the service group information list 50.
- The service group “X” includes service URLs of web pages, “http://AAA.com/index.html”, “http://TTT.co.eu/”, and “http://CCC.co.jp/top/top.html”.
- The service group “Y” includes service URLs of web pages, “http://BBB.com/”, and “http://SSS.co.ru/top/top.html”.
- Hereinafter, the above mentioned first, second, and third validity levels are referred to as validity levels “1,” “2”, and “3”, respectively. Additionally, in cases of safety levels “1”, “2”, “3”, “4”, “5”, and “6” described below, the above mentioned first, second, third, fourth, fifth, and sixth safety level processes are executed, respectively.
- In this case, a target URL of the target web page 70 displayed on the display unit 12 is “http://ppp.com/MY_PAGE/Signin?ID % . . . ”.
- At first, judgment of the validity level “1” is performed on the login history information “Z”.
- (Judgment of the Validity Level “1” for the Login History Information “Z”)
- The browsed URL in the login history information “Z” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the browsed URL “http://AAA.com/index.html” and the target URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”. As a result, they do not agree with each other.
- A judgment (check) is performed on the browsed URL “http://BBB.com/” and the target URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”. As a result, they do not agree with each other.
- In this case, judgment of the validity level “2” is performed.
- (Judgment (1) of the Validity Level “2” for the Login History Information “Z”)
- The browsed URL “http://AAA.com/index.html” in the login history information “Z” is checked with the service URLs of web pages in the service group information list 50.
- Here, the browsed URL agrees with one of the service URLs of web pages in the service group “X”.
- The service URLs of web pages in the service group “X” are checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the service URL “http://TTT.co.eu/” and the target URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”. As a result, they do not agree with each other.
- A judgment (check) is performed on the service URL “http://CCC.co.jp/top/top.html” and the target URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”. As a result, they do not agree with each other.
- In this case, judgment of the validity level “2” is performed on the browsed URL other than the browsed URL “http://AAA.com/index.html” in the above mentioned login history information “Z”.
- (Judgment (2) of the Validity Level “2” for the Login History Information “Z”)
- The browsed URL “http://BBB.com/index.html” in the login history information “Z” is checked with the service URLs of web pages in the service group information list 50.
- Here, the browsed URL agrees with one of the service URLs of web pages in the service group “Y”.
- The service URL of web page in the service group “Y” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the service URL “http://SSS.co.ru/top.html” and the target URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”. As a result, they do not agree with each other.
- In this case, since the target URL does not agree with any of the service URLs, the validity level is judged to be “3”. Thus, the validity level “3” is added to the login history information “Z” as shown in FIG. 10.
- Next, judgment of the validity level “1” is performed on the login history information “P”.
- (Judgment of the Validity Level “1” for the Login History Information “P”)
- The browsed URL in the login history information “P” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the browsed URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ” and the target URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”. As a result, they agree with each other.
- In this case, since the target URL agrees with the browsed URL, the validity level is judged to be “1”. Thus, the validity level “1” is added to the login history information “P” as shown in FIG. 10.
- Next, judgment of the validity level “1” is performed on the login history information “Q”.
- (Judgment of the Validity Level “1” for the Login History Information “Q”)
- The browsed URL in the login history information “Q” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the browsed URL “http://qqq.com/MY_PAGE/Signin?ID % . . . ” and the target URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”. As a result, they do not agree with each other.
- In this case, judgment of the validity level “2” is performed.
- (Judgment of the Validity Level “2” for the Login History Information “Q”)
- The browsed URL “http://qqq.com/MY_PAGE/Signin?ID % . . . ” in the login history information “Q” is checked with the service URLs of web pages in the service group information list 50. As a result, there is no service group including a service URL which agrees with the browsed URL.
- In this case, the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “Q” as shown in FIG. 10.
- Next, judgment of the validity level “1” is performed on the login history information “R”.
- (Judgment of the Validity Level “1” for the Login History Information “R”)
- The browsed URL in the login history information “R” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the browsed URL “http://rrr.com/I_PAGE/Signin?ID % . . . ” and the target URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ”. As a result, they do not agree with each other.
- In this case, judgment of the validity level “2” is performed.
- (Judgment of the Validity Level “2” for the Login History Information “R”)
- The browsed URL “http://rrr.com/I_PAGE/Signin?ID % . . . ” in the login history information “R” is checked with the service URLs of web pages in the service group information list 50. As a result, there is no service group including a service URL which agrees with the browsed URL.
- In this case, the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “R” as shown in FIG. 10.
- Subsequently, judgment of the safety level is performed.
- The input authentication information 81 inputted into the authentication information input field of the target web page 70 is assumed to be ID “adminP” and password “adminpassP”.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P” to which the validity level “1” is added. As a result, they agree with each other.
- In this case, the safety level is judged to be “1” and the first safety level process (step S32) is executed.
- The input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “adminZ” and password “adminpassZ”.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P” to which the validity level “1” is added. As a result, they do not agree with each other.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z”, “Q”, and “R” to which the validity level “3” is added. As a result, they do not agree with each other.
- In this case, the safety level is judged to be “2” and the second safety level process (step S34) is executed.
- The input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “adminQ” and password “adminpassQ”.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P” to which the validity level “1” is added. As a result, they do not agree with each other.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z”, “Q”, and “R” to which the validity level “3” is added. As a result, the input authentication information 81 agrees with the authentication information (ID-LI) of the login history information “Q”.
- In this case, the safety level is judged to be “3” and the third safety level process (step S35) is executed.
- In this case, a target URL of the target web page 70 displayed on the display unit 12 is “http://TTT.co.eu/”.
- At first, judgment of the validity level “1” is performed on the login history information “Z”.
- (Judgment of the Validity Level “1” for the Login History Information “Z”)
- The browsed URL in the login history information “Z” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the browsed URL “http://AAA.com/index.html” and the target URL “http://TTT.co.eu”. As a result, they do not agree with each other.
- A judgment (check) is performed on the browsed URL “http://BBB.com/” and the target URL “http://TTT.co.eu”. As a result, they do not agree with each other.
- In this case, judgment of the validity level “2” is performed.
- (Judgment of the Validity Level “2” for the Login History Information “Z”)
- The browsed URL “http://AAA.com/index.html” in the login history information “Z” is checked with the service URLs of web pages in the service group information list 50.
- Here, the browsed URL agrees with one of the service URLs of web pages in the service group “X”.
- The service URLs of web pages in the service group “X” are checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the service URL “http://TTT.co.eu/” and the target URL “http://TTT.co.eu”. As a result, they agree with each other.
- Here, since the validity level will not be judged to be “1”, judgment on the target URL and the service URL “http://CCC.co.jp/top/top.html” and judgment for a service group other than the above mentioned service group are not performed.
- In this case, since the target URL agrees with the service URL, the validity level is judged to be “2”. Thus, the validity level “2” is added to the login history information “Z” as shown in FIG. 11.
- Next, judgment of the validity level “1” is performed on the login history information “P”.
- (Judgment of the Validity Level “1” for the Login History Information “P”)
- The browsed URL in the login history information “P” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the browsed URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ” and the target URL “http://TTT.co.eu/”. As a result, they do not agree with each other.
- In this case, judgment of the validity level “2” is performed.
- (Judgment of the Validity Level “2” for the Login History Information “P”)
- The browsed URL “http://ppp.com/MY_PAGE/Signin?ID % . . . ” in the login history information “P” is checked with the service URLs of web pages in the service group information list 50. As a result, there is no service group including a service URL which agrees with the browsed URL.
- In this case, the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “P” as shown in FIG. 11.
- Next, judgment of the validity level “1” is performed on the login history information “Q”.
- (Judgment of the Validity Level “1” for the Login History Information “Q”)
- The browsed URL in the login history information “Q” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the browsed URL “http://qqq.com/MY_PAGE/Signin?ID % . . . ” and the target URL “http://TTT.co.eu/”. As a result, they do not agree with each other.
- In this case, judgment of the validity level “2” is performed.
- (Judgment of the Validity Level “2” for the Login History Information “Q”)
- The browsed URL “http://qqq.com/MY_PAGE/Signin?ID % . . . ” in the login history information “Q” is checked with the service URLs of web pages in the service group information list 50. As a result, there is no service group including a service URL which agrees with the browsed URL.
- In this case, the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “Q” as shown in FIG. 11.
- Next, judgment of the validity level “1” is performed on the login history information “R”.
- (Judgment of the Validity Level “1” for the Login History Information “R”)
- The browsed URL in the login history information “R” is checked with the target URL of the target web page 70 displayed on the display unit 12 based on the validity judgment rule.
- Here, a judgment (check) is performed on the browsed URL “http://rrr.com/I_PAGE/Signin?ID % . . . ” and the target URL “http://TTT.co.eu/”. As a result, they do not agree with each other.
- In this case, judgment of the validity level “2” is performed.
- (Judgment of the Validity Level “2” for the Login History Information “R”)
- The browsed URL “http://rrr.com/I_PAGE/Signin?ID % . . . ” in the login history information “R” is checked with the service URLs of web pages in the service group information list 50. As a result, there is no service group including a service URL which agrees with the browsed URL.
- In this case, the validity level is judged to be “3”, and thus, the validity level “3” is added to the login history information “R” as shown in FIG. 11.
- Subsequently, judgment of the safety level is performed.
- The input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “admin” and password “adminpass”.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z” to which the validity level “2” is added. As a result, they agree with each other.
- In this case, the safety level is judged to be “1” and the first safety level process (step S32) is executed.
- The input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “adminZ” and password “adminpassZ”.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z” to which the validity level “2” is added. As a result, they do not agree with each other.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P”, “Q”, and “R” to which the validity level “3” is added. As a result, they do not agree with each other.
- In this case, the safety level is “2” and the second safety level process (step S34) is executed.
- The input authentication information 81 inputted into the authentication information input field in the target web page 70 is assumed to be ID “adminQ” and password “adminpassQ”.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z” to which the validity level “2” is added. As a result, they do not agree with each other.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “P”, “Q”, and “R” to which the validity level “3” is added. As a result, the input authentication information 81 agrees with the authentication information (ID-LI) of the login history information “Q”.
- In this case, the safety level is judged to be “3” and the third safety level process (step S35) is executed.
- As shown in FIG. 12, the validity level “3” is added to the login history information “Z” in the above described case B. That is, the validity level “3” is added to each of the login history information “Z”, “P”, “Q”, and “R”. Judgment of the safety level in this case will be explained.
- The input authentication information 81 inputted into the authentication information input field of the target web page 70 is assumed to be ID “adminU” and password “adminpassU”.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z”, “P”, “Q”, and “R” to which the validity level “3” is added. As a result, they do not agree with each other.
- In this case, the safety level is judged to be “4”, and thus, the fourth safety level process (step S37) is executed.
- The input authentication information 81 inputted into the authentication information input field of the target web page 70 is assumed to be ID “adminQ” and password “adminpassQ”.
- The input authentication information 81 is checked with the authentication information (ID-LI) of the login history information “Z”, “P”, “Q”, and “R” to which the validity level “3” is added. As a result, the input authentication information 81 agrees with the authentication information (ID-LI) of the login history information “Q”.
- In this case, the safety level is “5”, and thus, the fifth safety level process (step S38) is executed.
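The validity-level and safety-level judgments walked through above for FIGS. 10 to 12, as an added Python example that is not part of the patent text. The host-name comparison is an assumed stand-in for the validity judgment rule, all class and function names are hypothetical, the elided query strings are dropped, and the third target URL is constructed.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class LoginHistory:
    name: str              # label used in the text: "Z", "P", "Q", "R"
    login_id: str
    password: str
    browsed_urls: tuple


# Login information list (FIG. 4), all for user "U001". The query strings the
# text elides ("?ID % . . .") are dropped here rather than guessed.
LOGIN_LIST = (
    LoginHistory("Z", "admin", "adminpass",
                 ("http://AAA.com/index.html", "http://BBB.com")),
    LoginHistory("P", "adminP", "adminpassP", ("http://ppp.com/MY_PAGE/Signin",)),
    LoginHistory("Q", "adminQ", "adminpassQ", ("http://qqq.com/MY_PAGE/Signin",)),
    LoginHistory("R", "adminR", "adminpassR", ("http://rrr.com/I_PAGE/Signin",)),
)

# Service group information list (FIG. 5).
SERVICE_GROUPS = {
    "X": ("http://AAA.com/index.html", "http://TTT.co.eu/",
          "http://CCC.co.jp/top/top.html"),
    "Y": ("http://BBB.com/", "http://SSS.co.ru/top/top.html"),
}

TARGET_A = "http://ppp.com/MY_PAGE/Signin"   # first walkthrough (FIG. 10)
TARGET_B = "http://TTT.co.eu/"               # second walkthrough (FIG. 11)
TARGET_C = "http://unlisted.example/"        # constructed: agrees with nothing (FIG. 12)


def urls_agree(a, b):
    """ASSUMPTION: stand-in for the validity judgment rule; compares host names."""
    host_a, host_b = urlsplit(a).hostname, urlsplit(b).hostname
    return host_a is not None and host_a == host_b


def validity_level(entry, target_url, groups=SERVICE_GROUPS):
    # Level 1: the target page itself was browsed when this credential was used.
    if any(urls_agree(u, target_url) for u in entry.browsed_urls):
        return 1
    # Level 2: a browsed URL belongs to a service group that also contains the target.
    for browsed in entry.browsed_urls:
        for service_urls in groups.values():
            in_group = any(urls_agree(browsed, s) for s in service_urls)
            if in_group and any(urls_agree(s, target_url) for s in service_urls):
                return 2
    # Level 3: the credential is known, but not for this page or its service group.
    return 3


def validity_levels(target_url, login_list=LOGIN_LIST):
    return {e.name: validity_level(e, target_url) for e in login_list}


def safety_level(login_id, password, target_url, login_list=LOGIN_LIST):
    """Safety levels 1 to 5 as walked through in the text (level 6 is not modelled)."""
    levels = validity_levels(target_url, login_list)

    def typed_matches(entry):
        return (entry.login_id, entry.password) == (login_id, password)

    related = [e for e in login_list if levels[e.name] in (1, 2)]
    unrelated = [e for e in login_list if levels[e.name] == 3]
    known_elsewhere = any(typed_matches(e) for e in unrelated)

    if related:                                   # history exists for this page/service
        if any(typed_matches(e) for e in related):
            return 1                              # expected credential for this page
        return 3 if known_elsewhere else 2        # another site's credential / unknown
    return 5 if known_elsewhere else 4            # no history for this page at all


if __name__ == "__main__":
    for target in (TARGET_A, TARGET_B, TARGET_C):
        print(target, validity_levels(target),
              safety_level("adminQ", "adminpassQ", target))
```

Level 5 is the branch in which the text cancels the input: the typed credential is already registered for another site, and no login history ties any credential to the displayed page or its service group.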
- While the invention has been particularly shown and described with reference to exemplary embodiments thereof, the invention is not limited to these embodiments. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the claims.
Claims (15)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007331134A JP4604253B2 (en) | 2007-12-21 | 2007-12-21 | Web page safety judgment system |
JP2007-331134 | 2007-12-21 |
Publications (2)
Publication Number | Publication Date |
---|---|
US20090165100A1 (en) | 2009-06-25 |
US8392987B2 (en) | 2013-03-05 |
Family
ID=40790303
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/341,793 Active 2032-01-03 US8392987B2 (en) | 2007-12-21 | 2008-12-22 | Web page safety judgment system |
Country Status (2)
Country | Link |
---|---|
US (1) | US8392987B2 (en) |
JP (1) | JP4604253B2 (en) |
Also Published As
Publication number | Publication date |
---|---|
JP4604253B2 (en) | 2011-01-05 |
JP2009151723A (en) | 2009-07-09 |
US8392987B2 (en) | 2013-03-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: NEC BIGLOBE, LTD.,JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SASAMURA, NAOKI;SUZUKI, MASAHIRO;MIYAMOTO, KOUKI;AND OTHERS;REEL/FRAME:022017/0836 Effective date: 20081215 Owner name: NEC INFORMATEC SYSTEMS, LTD.,JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SASAMURA, NAOKI;SUZUKI, MASAHIRO;MIYAMOTO, KOUKI;AND OTHERS;REEL/FRAME:022017/0836 Effective date: 20081215 Owner name: NEC INFORMATEC SYSTEMS, LTD., JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SASAMURA, NAOKI;SUZUKI, MASAHIRO;MIYAMOTO, KOUKI;AND OTHERS;REEL/FRAME:022017/0836 Effective date: 20081215 Owner name: NEC BIGLOBE, LTD., JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SASAMURA, NAOKI;SUZUKI, MASAHIRO;MIYAMOTO, KOUKI;AND OTHERS;REEL/FRAME:022017/0836 Effective date: 20081215 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: BIGLOBE INC., JAPAN Free format text: CHANGE OF NAME;ASSIGNOR:NEC BIGLOBE, LTD.;REEL/FRAME:034056/0365 Effective date: 20140401 |
|
AS | Assignment |
Owner name: BIGLOBE INC., JAPAN Free format text: CHANGE OF ADDRESS;ASSIGNOR:BIGLOBE INC.;REEL/FRAME:036263/0822 Effective date: 20150223 |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
AS | Assignment |
Owner name: NEC SOLUTION INNOVATORS, LTD., JAPAN Free format text: MERGER AND CHANGE OF NAME;ASSIGNORS:NEC INFORMATEC SYSTEMS, LTD.;NEC SOFT, LTD.;REEL/FRAME:042817/0787 Effective date: 20170401 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |